[c-nsp] SXI, TACACS+ in VRF

Daniska, Tomas tomas at soitron.com
Wed Sep 2 08:20:47 EDT 2009


Hi,

Anyone using TACACS+ authentication from VRF in SXI successfully? We
have login authentication/authorization working, but for enable
authentication the box somehow fails to connect to the TACACS+ server.

!
aaa group server tacacs+ XXX_tacacs
 server-private x.x.29.142 key ...
 ip vrf forwarding mgmt
 ip tacacs source-interface Loopback1
!
aaa authentication login XXX group XXX_tacacs local
aaa authentication enable default group XXX_tacacs enable
...
!

...
Aug 28 17:00:37.285: AAA/AUTHOR: auth_need : user= 'user' ruser=
'BA_MN1_CO'rem_addr= 'x.x.251.101' priv= 0 list= '' AUTHOR-TYPE=
'command'
Aug 28 17:00:37.285: AAA: parse name=tty2 idb type=-1 tty=-1
Aug 28 17:00:37.285: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0
adapter=0 port=2 channel=0
Aug 28 17:00:37.285: AAA/MEMORY: create_user (0xF7E8CF8) user='user'
ruser='NULL' ds0=0 port='tty2' rem_addr='x.x.251.101' authen_type=ASCII
service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): port='tty2'
list='XXX' action=LOGIN service=ENABLE
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): using "default" list
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): Method=XXX_tacacs
(tacacs+)
Aug 28 17:00:37.285: TAC+: send AUTHEN/START packet ver=192 id=-16528696
Aug 28 17:00:37.285: TAC+: Opening TCP/IP to x.x.29.142/49 timeout=5
Aug 28 17:00:37.289: TAC+: TCP/IP open to x.x.29.142/49 failed --
Destination unreachable; gateway or host down
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = ERROR
Aug 28 17:00:37.289: AAA/AUTHEN/START (4278438600): Method=ENABLE
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = GETPASS
Aug 28 17:00:45.021: AAA/AUTHEN/CONT (4278438600): continue_login
(user='(undef)')
Aug 28 17:00:45.021: AAA/AUTHEN (4278438600): status = GETPASS
Aug 28 17:00:45.021: AAA/AUTHEN/CONT (4278438600): Method=ENABLE
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): password incorrect
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): status = FAIL


thx

--

deejay
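
A way to pull the method fall-through out of a debug like the one in this post, as an added example that is not part of the original message: it joins the mail-wrapped lines, groups them by AAA session id, and reports sessions where a method returned ERROR and AAA went on to the next one. Attaching the TAC+ connect failure to the next ERROR status, and reading an empty `vrf=` name as no VRF on the request, are assumptions of this example.

```python
import re

# Lines copied from the debug output in the post, e-mail wraps left in place.
SAMPLE = """\
Aug 28 17:00:37.285: AAA/MEMORY: create_user (0xF7E8CF8) user='user'
ruser='NULL' ds0=0 port='tty2' rem_addr='x.x.251.101' authen_type=ASCII
service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): Method=XXX_tacacs
(tacacs+)
Aug 28 17:00:37.289: TAC+: TCP/IP open to x.x.29.142/49 failed --
Destination unreachable; gateway or host down
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = ERROR
Aug 28 17:00:37.289: AAA/AUTHEN/START (4278438600): Method=ENABLE
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): status = FAIL
"""

TS = re.compile(r"^\w{3} +\d+ [\d:.]+: ")
VRF = re.compile(r"create_user .*vrf=\s*(\S*?)\s*\(id=(\d+)\)")
METHOD = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
TCPFAIL = re.compile(r"TAC\+: TCP/IP open to (\S+) failed -- (.*)")

def unwrap(text):
    """Join wrapped continuation lines onto the timestamped line they follow."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        if TS.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def fallthroughs(text):
    """Sessions where a method returned ERROR and AAA moved on to the next one."""
    sessions, vrf, tcp_fail = {}, None, None
    for line in unwrap(text):
        if m := VRF.search(line):
            vrf = (m.group(1), int(m.group(2)))   # assumption: empty name = no VRF attached
        elif m := TCPFAIL.search(line):
            tcp_fail = (m.group(1), m.group(2))   # TAC+ lines carry no session id
        elif m := METHOD.search(line):
            s = sessions.setdefault(m.group(1), {"vrf": vrf, "methods": [], "status": [], "tcp_fail": None})
            s["methods"].append(m.group(2))
        elif (m := STATUS.search(line)) and m.group(1) in sessions:
            s = sessions[m.group(1)]
            s["status"].append(m.group(2))
            if m.group(2) == "ERROR" and tcp_fail:
                s["tcp_fail"], tcp_fail = tcp_fail, None   # assumption: failure belongs to this ERROR
    return {k: s for k, s in sessions.items() if "ERROR" in s["status"] and len(s["methods"]) > 1}
```

Calling `fallthroughs(SAMPLE)` returns the single session from the post, with the method order, the connect failure and the VRF fields side by side.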


 
