i found out the commands i.e. show uauth . When I use radius to authenticate with the ACS server it works fine however when I use TACACS to authenticate , it gets authenticated but I dont see any downloaded ACL . Using Radius i can see the dynamic acl in show access-list and show uauth
Configuration on ACS would be same i.e. create a downloadble acl in shared profile and associate it to a user . any clues ? From: [email protected] To: [email protected] Date: Wed, 18 Jan 2012 20:17:10 +0500 Subject: [OSL | CCIE_Security] Cut Through ASA I am working on Cut Through Proxy on ASA and I ran the Debug tacacs and saw following output Rack1ASA1# Doing aaa for user proxy, session id 2147483658mk_pkt - type: 0x1, session_id: 7 user: proxy Tacacs packet sent Sending TACACS Start message. Session id: 7, seq no:1 Received TACACS packet. Session id:1539013004 seq no:2 tacp_procpkt_authen: GETPASSmk_pkt - type: 0x1, session_id: 7mkpkt_continue - response: *** Tacacs packet sent Sending TACACS Continue message. Session id: 7, seq no:3 Received TACACS packet. Session id:1539013004 seq no:4 tacp_procpkt_authen: PASSTACACS Session finished. Session id: 7, seq no: 3user: proxy authenticated, session id: 2147483658 Which actually means that the Proxy session was authenticated . I had attached a Downloadble ACL with the user profile which was to be downloaded . When I do show access-list I dont see any extra ACL there . We can see the temp. downloadble ACL in show access-list or there are other commands to check that ACL _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
