beautypg.com

Cisco 3.3 User Manual

Page 656

background image

Appendix A Troubleshooting

Dial-in Connection Issues

A-12

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

A dial-in user cannot
connect to the AAA
client.

The CiscoSecure user
database is being used
for authentication.

A record of a failed
attempt is displayed in
the Failed Attempts
Report (in the Reports
& Activity section,
click Failed
Attempts
).

From within Cisco Secure ACS confirm the following:

The username has been entered into Cisco Secure ACS.

CiscoSecure user database is selected from the Password Authentication
list and a password has been entered in User Setup for the user.

The Cisco Secure ACS group to which the user is assigned has the correct
authorization enabled (such as IP/PPP, IPX/PPP or Exec/Telnet). Be sure
to click Submit + Restart if a change has been made.

Expiration information has not caused failed authentication. Set to
Expiration: Never for troubleshooting.

A dial-in user cannot
connect to the AAA
client; however, a
Telnet connection can
be authenticated
across the LAN.

The problem is isolated to one of three areas:

Line/modem configuration problem. Review the documentation that came
with your modem and verify that the modem is properly configured.

The user is not assigned to a group that has the correct authorization
rights. Authorization rights can be modified under Group Setup or User
Setup. User settings override group settings.

The Cisco Secure ACS or TACACS+ or RADIUS configuration is not
correct in the AAA client.

Additionally, you can verify Cisco Secure ACS connectivity by attempting to
Telnet to the access server from a workstation connected to the LAN. A
successful authentication for Telnet confirms that Cisco Secure ACS is
working with the AAA client.

Condition

Recovery Action