As with any hardware or software product, sometimes you need to troubleshoot issues. Depending on the type of failure, there are procedures to help with your troubleshooting.

Authentication Failures

Figure 5.9 shows the main reports window that you can use to access the Failed Attempts report.

Figure 5.9. Failed Attempts report.
If there is no entry in the Failed Attempts report, you will have to do a little bit more digging. First, ensure that you have connectivity from the NAS to the ACS. If you are using an external database server, ensure that you have connectivity from the ACS to the external database server. Have you configured AAA accounting on the router? Have you configured the NAS correctly by defining the ACS with the tacacs-server command or the radius-server command? Have you configured the NAS in the ACS?
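
The NAS-side questions in this checklist can be run against a saved running-config. The following is an added example, not code from the original text: the sample configuration, its addresses and the function names are constructed for illustration, and it assumes the global tacacs-server host / radius-server host command form named above, plus aaa new-model as the usual prerequisite.

```python
import re

# Constructed sample: a trimmed IOS running-config for a NAS. The address is a
# documentation-range placeholder, not a value from the original text.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization auth-proxy default group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
"""

# Checklist items from the paragraph above, expressed as config-line patterns.
CHECKS = [
    ("aaa new-model enabled", r"^aaa new-model\s*$"),
    ("ACS defined with tacacs-server or radius-server",
     r"^(?:tacacs|radius)-server host \S+"),
    ("AAA accounting configured", r"^aaa accounting \S+.*$"),
]


def audit_nas_config(config_text):
    """Return {check name: first matching config line, or None if absent}."""
    results = {}
    for name, pattern in CHECKS:
        match = re.search(pattern, config_text, re.MULTILINE)
        results[name] = match.group(0).strip() if match else None
    return results


def missing_items(config_text):
    """Names of checklist items with no matching line in the config."""
    return [n for n, hit in audit_nas_config(config_text).items() if hit is None]


def acs_servers(config_text):
    """(protocol, address) for every ACS the NAS points at, so each one can
    be tested for reachability from the NAS."""
    return re.findall(r"^(tacacs|radius)-server host (\S+)",
                      config_text, re.MULTILINE)


if __name__ == "__main__":
    for name, hit in audit_nas_config(SAMPLE_CONFIG).items():
        print(f"[{'ok' if hit else 'MISSING'}] {name}: {hit or '-'}")
    for proto, addr in acs_servers(SAMPLE_CONFIG):
        print(f"check connectivity from the NAS to {proto} server {addr}")
```

The last question, whether the NAS is defined in the ACS, has to be checked on the ACS itself; the addresses returned by acs_servers() tell you which servers to look at.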

Authorization Failures

Ensure that you have properly configured the ACS to provide for service authorization. The "proxyacl" entries define the user access privileges on the ACS. You configure these proxyacl entries, and these entries are similar to access lists in format. A sample entry in the ACS might be proxyacl#1=permit tcp any any eq 80. Figure 5.10 shows a sample configuration using proxyacls for a group. Users can then be placed in this specific group and be authorized to perform only specific activities that you define with the proxyacl statements.

Figure 5.10. Proxyacls.