Hi,
I have a problem that maybe someone can help me with.
We have a tacacs+ server on a 10.9.3.* subnet. EasyACS running on a WinNT 4.0 server. It is configured to use a NAS that is on the same subnet for a RAS dailup that is setup.
The problem is that I want to authenticate users via tacacs+ from a different subnet 10.9.71.* but for some reason the tacacs+ server isn't passing packets back to the Cisco 2500 router on that subnet. It can be pinged fine from the router.
ie:
Server: 10.9.3.12/49: opens=150 closes=150 aborts=0 errors=0
packets in=0 packets out=365601
no connection
Has anyone every worked with EasyACS. Is it the case that the tacacs server will only allow authentication that comes through the NAS server that is setup in the EasyACS configuration. If this is the case, is it possible to add another NAS server in there?
I have included the aaa authentication model below:
aaa new-model
aaa authentication login default tacacs+ enable none
aaa authentication login duns none
aaa authentication enable default tacacs+ enable none
aaa authorization exec tacacs+ if-authenticated
aaa authorization commands 0 tacacs+ if-authenticated
aaa authorization network tacacs+ if-authethenticated
aaa accounting exec start-stop tacacs+
Thanks
Philipp
I have a problem that maybe someone can help me with.
We have a tacacs+ server on a 10.9.3.* subnet. EasyACS running on a WinNT 4.0 server. It is configured to use a NAS that is on the same subnet for a RAS dailup that is setup.
The problem is that I want to authenticate users via tacacs+ from a different subnet 10.9.71.* but for some reason the tacacs+ server isn't passing packets back to the Cisco 2500 router on that subnet. It can be pinged fine from the router.
ie:
Server: 10.9.3.12/49: opens=150 closes=150 aborts=0 errors=0
packets in=0 packets out=365601
no connection
Has anyone every worked with EasyACS. Is it the case that the tacacs server will only allow authentication that comes through the NAS server that is setup in the EasyACS configuration. If this is the case, is it possible to add another NAS server in there?
I have included the aaa authentication model below:
aaa new-model
aaa authentication login default tacacs+ enable none
aaa authentication login duns none
aaa authentication enable default tacacs+ enable none
aaa authorization exec tacacs+ if-authenticated
aaa authorization commands 0 tacacs+ if-authenticated
aaa authorization network tacacs+ if-authethenticated
aaa accounting exec start-stop tacacs+
Thanks
Philipp
