RE: ACS TACACS+

Yep and you should see an error in ACS saying something like
unknown
host.

-----Original Message-----
From: nobodygroupstudy.com [mailto:nobodygroupstudy.com] On Behalf
Of
James Willard
Sent: Wednesday, July 16, 2008 6:03 PM
To: ciscogroupstudy.com
Subject: RE: ACS TACACS+ [7:131970]

Check your "ip tacacs source-interface" on the
switches. If it does not
match with the IP address you have configured in ACS, you
will get a
failure
such as this.


James


-----Original Message-----
From: nobodygroupstudy.com [mailto:nobodygroupstudy.com] 
Sent: Wednesday, July 16, 2008 5:55 PM
To: ciscogroupstudy.com
Subject: ACS TACACS+ [7:131970]

I am using ACS 4.0 and cannot seem to get a 6513 or 3560 to
authenticate.  I
can ping the ACS from each and when I debug it I get whats
listed.

I have checked multiple times the key string on both sides.

Any help would be appreciated.

Jul 16 16:41:34.387: TAC+: Using default tacacs server-group
"MB-AAA"
list.
Jul 16 16:41:34.387: TAC+: Opening TCP/IP to IP ADDRESS/49
timeout=5
Jul 16 16:41:34.391: TAC+: Opened TCP/IP handle 0x4570A858
to
172.30.1.110/49
Jul 16 16:41:34.391: TAC+: IP ADRESS (3508795005)
ACCT/REQUEST/STOP
queued
Jul 16 16:41:34.491: TAC+: (3508795005) ACCT/REQUEST/STOP
processed
Jul 16 16:41:34.491: TAC+: received bad ACCT packet: type =
0, expected
3
Jul 16 16:41:34.491: TAC+: Invalid ACCT/REQUEST/STOP packet
(check
keys).
Jul 16 16:41:34.491: TAC+: Closing TCP/IP 0x4570A858
connection to IP
ADDRESS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7
&i=131972&t=131970
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.
groupstudy.com/list/cisco.html