This is my first time. I am trying to understand how to reply to a certain post.

Right now I am trying to reply to "[OSL | CCIE_Security] TACACS/RADIUS 0 No authoritative response from any server." Can you please explain to me how to post? Also, if possible, can you post the following comments?

Response:

"""
Can you draw your topology here, like how your ACS, SW and FW are connected? Are they in the same VLAN?

I think this is a routing issue. If there is a FW in between, then maybe the FW is not sending the traffic out the correct interface.
"""

Thanks,

On Sat, Feb 19, 2011 at 2:22 PM, <[email protected]> wrote:

> Send CCIE_Security mailing list submissions to
>         [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://onlinestudylist.com/mailman/listinfo/ccie_security
> or, via email, send a message with subject or body 'help' to
>         [email protected]
>
> You can reach the person managing the list at
>         [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of CCIE_Security digest..."
>
>
> Today's Topics:
>
>    1. TACACS/RADIUS 0 No authoritative response from any server.
>       (Pemasiri Devanarayana)
>    2. Re: DHCP Starvation attack - OEQ (Pemasiri Devanarayana)
>    3. Re: TACACS/RADIUS 0 No authoritative response from any
>       server. (Ruwan Wickramanayake)
>    4. Re: TACACS/RADIUS 0 No authoritative response from any
>       server. (Kingsley Charles)
>    5. Re: TACACS/RADIUS 0 No authoritative response from any
>       server. (Pemasiri Devanarayana)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 19 Feb 2011 20:39:19 +0300
> From: Pemasiri Devanarayana <[email protected]>
> To: [email protected], Tyson Scott
>         <[email protected]>, Kingsley Charles <[email protected]>,
>         Piotr Matusiak <[email protected]>, Mark Senteza
>         <[email protected]>
> Subject: [OSL | CCIE_Security] TACACS/RADIUS 0 No authoritative
>         response from any server.
> Message-ID:
>         <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi All,
>
> I'm running Windows (2003) ACS server on my lab. Most of the time when I try
> to test aaa I used to get "No authoritative response from any server" this
> error, and all the time I make sure that I can access ACS server from the
> client and firewall hits are increasing when I try. I used to restart the
> ACS services (tacacs/radius) from windows services but still no luck.. Here
> is my one example.
>
> Appreciate if some experts can advise me what is this issue here..??
>
> sw1#sh run | in aaa
> aaa new-model
> aaa authentication login tauth group tacacs+
> aaa authentication login noauth none
> aaa session-id common
> Sw1#sh run | in tac
> Sw1#sh run | in tac
> aaa authentication login tauth group tacacs+
> ip tacacs source-interface FastEthernet0/18
> tacacs-server host 192.168.2.14
> tacacs-server directed-request
> tacacs-server key cisco
> Sw1#test
> Sw1#test aaa gr
> Sw1#test aaa group t
> Sw1#test aaa group tacacs+ user1 cisco le
> Sw1#test aaa group tacacs+ user1 cisco legacy
> Attempting authentication test to server-group tacacs+ using tacacs+
> No authoritative response from any server.
>
> SW1 has already been added to ACS server as aaa client with key cisco...
>
> Sw1#ping 192.168.2.14 (ACS server)
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.2.14, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
>
> Firewall ACL hits
> access-list out line 12 extended permit tcp host 192.168.8.11 host
> 192.168.2.14 eq tacacs (hitcnt=2) 0x9e1bac37
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> </archives/ccie_security/attachments/20110219/2e33629b/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 19 Feb 2011 20:40:14 +0300
> From: Pemasiri Devanarayana <[email protected]>
> To: Tyson Scott <[email protected]>
> Cc: [email protected]
> Subject: Re: [OSL | CCIE_Security] DHCP Starvation attack - OEQ
> Message-ID:
>         <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks Tyson for your response..
>
> On Sat, Feb 19, 2011 at 7:29 PM, Tyson Scott <[email protected]> wrote:
>
>> port security
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>> Mailto: [email protected]
>> Telephone: +1.810.326.1444, ext. 208
>> Live Assistance, Please visit: www.ipexpert.com/chat
>> eFax: +1.810.454.0130
>>
>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
>> training locations throughout the United States, Europe, South Asia and
>> Australia. Be sure to visit our online communities at
>> www.ipexpert.com/communities and our public website at www.ipexpert.com
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Pemasiri
>> Devanarayana
>> *Sent:* Saturday, February 19, 2011 4:39 AM
>> *To:* [email protected]
>> *Subject:* [OSL | CCIE_Security] DHCP Starvation attack - OEQ
>>
>> Hi,
>>
>> Can some one clarify that which mitigation solution is best for
>> DHCP starvation attack..
>>
>> - Port security or the DHCP snooping....?
>>
>> thanks
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> </archives/ccie_security/attachments/20110219/bc44bc3a/attachment-0001.html>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 20 Feb 2011 00:06:43 +0530
> From: Ruwan Wickramanayake <[email protected]>
> To: Pemasiri Devanarayana <[email protected]>
> Cc: Piotr Matusiak <[email protected]>,
>         [email protected]
> Subject: Re: [OSL | CCIE_Security] TACACS/RADIUS 0 No authoritative
>         response from any server.
> Message-ID:
>         <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Premasiri,
>
> I haven't had any experience like this. But what I've heard is that if
> you're using the trial version, after the expiration, it will silently stop
> responding to the queries.
>
> You can try the same after reinstalling the ACS.
>
> Regds,
> Ruwan.
>
> On Sat, Feb 19, 2011 at 11:09 PM, Pemasiri Devanarayana
> <[email protected]> wrote:
>
>> Hi All,
>>
>> I'm running Windows (2003) ACS server on my lab. Most of the time when I
>> try to test aaa I used to get "No authoritative response from any server"
>> this error, and all the time I make sure that I can access ACS server from
>> the client and firewall hits are increasing when I try. I used to restart
>> the ACS services (tacacs/radius) from windows services but still no luck..
>> Here is my one example.
>>
>> Appreciate if some experts can advise me what is this issue here..??
>>
>> sw1#sh run | in aaa
>> aaa new-model
>> aaa authentication login tauth group tacacs+
>> aaa authentication login noauth none
>> aaa session-id common
>> Sw1#sh run | in tac
>> Sw1#sh run | in tac
>> aaa authentication login tauth group tacacs+
>> ip tacacs source-interface FastEthernet0/18
>> tacacs-server host 192.168.2.14
>> tacacs-server directed-request
>> tacacs-server key cisco
>> Sw1#test
>> Sw1#test aaa gr
>> Sw1#test aaa group t
>> Sw1#test aaa group tacacs+ user1 cisco le
>> Sw1#test aaa group tacacs+ user1 cisco legacy
>> Attempting authentication test to server-group tacacs+ using tacacs+
>> No authoritative response from any server.
>>
>> SW1 has already been added to ACS server as aaa client with key cisco...
>>
>> Sw1#ping 192.168.2.14 (ACS server)
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.2.14, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
>>
>> Firewall ACL hits
>> access-list out line 12 extended permit tcp host 192.168.8.11 host
>> 192.168.2.14 eq tacacs (hitcnt=2) 0x9e1bac37
>>
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> </archives/ccie_security/attachments/20110220/8e84f6d2/attachment-0001.html>
>
> ------------------------------
>
> Message: 4
> Date: Sun, 20 Feb 2011 00:07:23 +0530
> From: Kingsley Charles <[email protected]>
> To: Pemasiri Devanarayana <[email protected]>
> Cc: [email protected], Piotr Matusiak
>         <[email protected]>
> Subject: Re: [OSL | CCIE_Security] TACACS/RADIUS 0 No authoritative
>         response from any server.
> Message-ID:
>         <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Check the fail logs, what is the error message?
>
>
> With regards
> Kings
>
> On Sat, Feb 19, 2011 at 11:09 PM, Pemasiri Devanarayana
> <[email protected]> wrote:
>
>> Hi All,
>>
>> I'm running Windows (2003) ACS server on my lab. Most of the time when I
>> try to test aaa I used to get "No authoritative response from any server"
>> this error, and all the time I make sure that I can access ACS server from
>> the client and firewall hits are increasing when I try. I used to restart
>> the ACS services (tacacs/radius) from windows services but still no luck..
>> Here is my one example.
>>
>> Appreciate if some experts can advise me what is this issue here..??
>>
>> sw1#sh run | in aaa
>> aaa new-model
>> aaa authentication login tauth group tacacs+
>> aaa authentication login noauth none
>> aaa session-id common
>> Sw1#sh run | in tac
>> Sw1#sh run | in tac
>> aaa authentication login tauth group tacacs+
>> ip tacacs source-interface FastEthernet0/18
>> tacacs-server host 192.168.2.14
>> tacacs-server directed-request
>> tacacs-server key cisco
>> Sw1#test
>> Sw1#test aaa gr
>> Sw1#test aaa group t
>> Sw1#test aaa group tacacs+ user1 cisco le
>> Sw1#test aaa group tacacs+ user1 cisco legacy
>> Attempting authentication test to server-group tacacs+ using tacacs+
>> No authoritative response from any server.
>>
>> SW1 has already been added to ACS server as aaa client with key cisco...
>>
>> Sw1#ping 192.168.2.14 (ACS server)
>>
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 192.168.2.14, timeout is 2 seconds:
>> !!!!!
>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
>>
>> Firewall ACL hits
>> access-list out line 12 extended permit tcp host 192.168.8.11 host
>> 192.168.2.14 eq tacacs (hitcnt=2) 0x9e1bac37
>>
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> </archives/ccie_security/attachments/20110220/4a882dea/attachment-0001.html>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 19 Feb 2011 22:21:59 +0300
> From: Pemasiri Devanarayana <[email protected]>
> To: Kingsley Charles <[email protected]>, Ruwan
>         Wickramanayake <[email protected]>
> Cc: [email protected], Piotr Matusiak
>         <[email protected]>
> Subject: Re: [OSL | CCIE_Security] TACACS/RADIUS 0 No authoritative
>         response from any server.
> Message-ID:
>         <[email protected]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Ruwan/Kings,
>
> Thanks for your response..
>
> Ruwan: I'm not using the trial version and it's a licensed copy.
>
> Kings: forgot to mention that I have not even seen any log on fail logs..?.
>
> Regards
> Pemasiri
>
> On Sat, Feb 19, 2011 at 9:37 PM, Kingsley Charles <
> [email protected]> wrote:
>
>> Check the fail logs, what is the error message?
>>
>>
>> With regards
>> Kings
>>
>> On Sat, Feb 19, 2011 at 11:09 PM, Pemasiri Devanarayana <
>> [email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I'm running Windows (2003) ACS server on my lab. Most of the time when I
>>> try to test aaa I used to get "No authoritative response from any server"
>>> this error, and all the time I make sure that I can access ACS server from
>>> the client and firewall hits are increasing when I try. I used to restart
>>> the ACS services (tacacs/radius) from windows services but still no luck..
>>> Here is my one example.
>>>
>>> Appreciate if some experts can advise me what is this issue here..??
>>>
>>> sw1#sh run | in aaa
>>> aaa new-model
>>> aaa authentication login tauth group tacacs+
>>> aaa authentication login noauth none
>>> aaa session-id common
>>> Sw1#sh run | in tac
>>> Sw1#sh run | in tac
>>> aaa authentication login tauth group tacacs+
>>> ip tacacs source-interface FastEthernet0/18
>>> tacacs-server host 192.168.2.14
>>> tacacs-server directed-request
>>> tacacs-server key cisco
>>> Sw1#test
>>> Sw1#test aaa gr
>>> Sw1#test aaa group t
>>> Sw1#test aaa group tacacs+ user1 cisco le
>>> Sw1#test aaa group tacacs+ user1 cisco legacy
>>> Attempting authentication test to server-group tacacs+ using tacacs+
>>> No authoritative response from any server.
>>>
>>> SW1 has already been added to ACS server as aaa client with key cisco...
>>>
>>> Sw1#ping 192.168.2.14 (ACS server)
>>>
>>> Type escape sequence to abort.
>>> Sending 5, 100-byte ICMP Echos to 192.168.2.14, timeout is 2 seconds:
>>> !!!!!
>>> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
>>>
>>> Firewall ACL hits
>>> access-list out line 12 extended permit tcp host 192.168.8.11 host
>>> 192.168.2.14 eq tacacs (hitcnt=2) 0x9e1bac37
>>>
>>>
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: </archives/ccie_security/attachments/20110219/7761ce2b/attachment.html>
>
> End of CCIE_Security Digest, Vol 56, Issue 60
> *********************************************
>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
