Hi Badar <http://images.google.co.in/imgres?imgurl=http://thumbnails.lightreading.com/thumbnails/lr_307355_633734532327504718.jpg&imgrefurl=http://www.lightreading.com/document.asp%3Fdoc_id%3D173949&usg=__zh-_pX9DLl658LWP3_A-JKBEORg=&h=100&w=100&sz=4&hl=en&start=82&sig2=LMRE7t1eIq-0RXraBNhKaQ&itbs=1&tbnid=wYeb6xDlY5goEM:&tbnh=82&tbnw=82&prev=/images%3Fq%3Dvadivelu%26start%3D63%26hl%3Den%26sa%3DN%26gbv%3D2%26ndsp%3D21%26tbs%3Disch:1&ei=WCWeS96mD4GmrQetn8GOBA>Turn on "debug tacacs" and you can see the AV attirbute that the IOS router is sending the ACS. Based on this only, you configure the "New servcies".
What are the request attribute sent for telnet proxy and http proxy with debug tacacs. With regards Kings On Mon, Mar 15, 2010 at 2:41 PM, Badar Farooq <[email protected]> wrote: > I did some more research. Using radius, the issue doesnt happen. > I tested cisco av pairs > > auth-proxy:priv-lvl=15 > auth-proxy:proxyacl#1=permit ip any any > > as well as > > shell:priv-lvl=15 > shell:proxyacl#1=permit ip any any > > and http and telnet both works fine. > With Tacacs though, I am still having the issue. > > To recount, the issue is , if in services, while adding auth-proxy, if > protocol ip is added, http proxy doesnt work and telnet proxy works, and if > protocol field is left blank, http proxy works and telnet doesnt. > > Waiting for a feedback from you guys:) > > Regards > > > > On Mon, Mar 15, 2010 at 11:22 AM, Badar Farooq <[email protected]>wrote: > >> I am having a strange issue. >> Using Auth proxy with tacacs+, if I use service auth-proxy without >> mentioning the protocol, http proxy works fine. But telnet proxy doesnt >> work. >> Similarly, I enable auth-proxy with ip protocol, telnet proxy works fine >> but http proxy doesnt work. >> >> Ironically, If i add two proxy services, auth-proxy with protocol ip and >> then without it, even then one of the two works are any given time. >> >> I dont understand it. Looking forward to some feedback... >> >> Regards >> Badar >> > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
