- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: HP5500-HI + TACACS ACS (version 5.7) CISCO
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2016 11:53 AM
тАО02-03-2016 11:53 AM
HP5500-HI + TACACS ACS (version 5.7) CISCO
Hi guys,
I have a privilege level problem between an HP switch and the Cisco ACS server.
Apparently the ACS server is not passing the parameters of privilege properly and this is causing the Users do not access the switch.
Does anyone have any idea of the parameters that I set the ACS for the privilege of problems to be solved?
The following logs that captured the switch for analysis:
*Jun 21 21:49:31:862 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: Create HWTACACS authentication request packet success
*Jun 21 21:49:31:863 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
*Jun 21 21:49:31:864 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
UserID=93 PacketType=3 AuthenType=1
AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0
UserName=teste PortName=vty1 RemAddress=192.168.1.23
UserMsg=****** DataMsg=******
*Jun 21 21:49:31:866 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
*Jun 21 21:49:31:867 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_MESSAGE for AAA->TAC:
UserID=93 PacketType=3 AuthenType=1
AuthenService=1 PrivLevel=0 Version=c0 TemplateNum=0
UserName=teste PortName=vty1 RemAddress=192.168.1.23
UserMsg=****** DataMsg=******
*Jun 21 21:49:31:868 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: Got nas-ip 10.36.1.132 and VPN 0 of server 172.31.50.169.
*Jun 21 21:49:31:869 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: Successfully set socket VPN attribute (VPN index: 0).
*Jun 21 21:49:31:869 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
hwtacacs create new session :
session id: 91286, user id: 93, server ip: 172.31.50.169
*Jun 21 21:49:31:870 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: The tac session-mng timer has resumed.
*Jun 21 21:49:31:871 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
version:c0 type:AUTHEN_REQUEST
seq_no:1 flag:ENCRYPTED_FLAG
session_id:16496 length:37
action:AUTHEN_LOGIN priv_lvl:VISIT authen_type:AUTHEN_TYPE_ASCII
service:AUTHEN_SVC_LOGIN
user len:13 port len:4 rem_addr len:12 data len:0
user name:teste port:vty1 rem_addr:192.168.1.23 data:
*Jun 21 21:49:31:872 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: statistic: transmit flag:1, server flag: 0,packet flag:0xff
*Jun 21 21:49:31:874 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
hwtacacs packet sending success!
version:c0 type:01 sequence:01 flag:00 session id:91286 length:37
*Jun 21 21:49:31:875 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: Authentication sending(Result = 0)
*Jun 21 21:49:31:878 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: No useful server.
*Jun 21 21:49:31:879 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_AUTHEN_NoReplyCallBack:no useful hwtac server
*Jun 21 21:49:31:879 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_MESSAGE for TAC->AAA:
*Jun 21 21:49:31:880 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
TAC_MESSAGE for TAC->AAA:
ulUserID=93
ucTACTemplateNO=0
ucflag=51
Echo=0
ServerMsg=
*Jun 21 21:49:31:881 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
server172.31.50.169 close a session 91286 with user 93!
*Jun 21 21:49:31:882 2000 GRU-TP3-SW-CE-0180 TAC/7/Event:
hwtacacs session is deleted due to finishing session:
session id: 91286, user id: 93, server ip: 172.31.50.169
*Jun 21 21:49:31:883 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: Tac receive ASYN CLOSE message, discard it.
*Jun 21 21:49:32:856 2000 GRU-TP3-SW-CE-0180 TAC/7/Event: The tac session-mng timer has paused.
#Jun 21 21:49:32:886 2000 GRU-TP3-SW-CE-0180 SSH/4/TrapAuthFailed:
1.3.6.1.4.1.25506.2.22.1.3.0.1 SSH authentication fail trap information
#Jun 21 21:50:02:425 2000 GRU-TP3-SW-CE-0180 SSH/4/TrapAuthFailed:
1.3.6.1.4.1.25506.2.22.1.3.0.1 SSH authentication fail trap information
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2016 02:13 AM
тАО02-10-2016 02:13 AM
Re: HP5500-HI + TACACS ACS (version 5.7) CISCO
Hi,
Please be aware of attached AAA service guide - integration of Cisco ACS and Comware
What version of Comware do you have? 5 or 7?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2016 05:38 AM
тАО02-10-2016 05:38 AM
Re: HP5500-HI + TACACS ACS (version 5.7) CISCO
Hi Mike,
thanks for listening. We are using Comware 5.