I see the same thing if tacacs is not running or not reachable. I assume that socket open/closes just refers to the local device opening a port to connect from. Explanation is below, I would think that failed attempts would increment...
http://www.cisco.com/en/US/partner/docs/ios/security/command/reference/sec_s5.html#wp1081799

On Wed, Mar 24, 2010 at 12:36 PM, Steve Shaw <[email protected]> wrote:
> I've been testing this on a couple different flavors of 12.4T and even 15.0
> and I've been getting the same behavior.
>
> Basic tacacs config where the tacacs server is unreachable.
>
> tacacs-server host 1.1.1.1
> tacacs-server key ipexpert
>
> Now when I try to test a bogus user account:
>
> Router#test aaa group tacacs+ test test new-code
> User rejected
>
> Weird....and then when I look at the connection statistics regarding the
> tacacs server, I see a socket open and close such as you would see with a
> successful tcp connect. I would expect to see a failed connect attempt
> register:
>
> Router#sh tacacs
>
> Tacacs+ Server : 1.1.1.1/49
> Socket opens: 2
> Socket closes: 2
> Socket aborts: 0
> Socket errors: 0
> Socket Timeouts: 0
> Failed Connect Attempts: 0
> Total Packets Sent: 0
> Total Packets Recv: 0
>
> I do not see the same behavior with a radius group configured. The radius
> server is marked as unreachable as expected.
>
> Can someone clarify this for me? I combed through the config docs and tried
> google but am not having any luck.
>
> Thanks,
>
> Steve
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com

--
Bryan Bartik
CCIE #23707 (R&S, SP), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
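A monitoring check built on the counters shown in this thread, as an added example that is not part of either message or of any Cisco tooling: it parses `show tacacs` output and flags servers that have socket opens but no packets sent or received, the pattern both posters report for an unreachable server. The function names and the second server in the sample are constructed for illustration.

```python
import re

# Constructed sample: first server mirrors the counters quoted in the thread,
# second server (192.0.2.10) is a made-up healthy one for contrast.
SAMPLE = """\
Tacacs+ Server : 1.1.1.1/49
Socket opens: 2
Socket closes: 2
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 0
Total Packets Recv: 0

Tacacs+ Server : 192.0.2.10/49
Socket opens: 5
Socket closes: 5
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 10
Total Packets Recv: 10
"""

SERVER_RE = re.compile(r"Tacacs\+ Server\s*:\s*(\S+)")
COUNTER_RE = re.compile(r"([A-Za-z ]+?)\s*:\s*(\d+)$")

def parse_show_tacacs(text):
    """Return {server: {lower-cased counter name: int}}."""
    servers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SERVER_RE.match(line)):
            current = servers.setdefault(m.group(1), {})
        elif current is not None and (m := COUNTER_RE.match(line)):
            current[m.group(1).lower()] = int(m.group(2))
    return servers

def silent_servers(servers):
    """Servers with socket opens but no TACACS+ packets in either direction.
    Assumption from the thread: this is how an unreachable server shows up,
    since 'Failed Connect Attempts' stayed at 0 there."""
    return [name for name, c in servers.items()
            if c.get("socket opens", 0) > 0
            and c.get("total packets sent", 0) == 0
            and c.get("total packets recv", 0) == 0]

if __name__ == "__main__":
    print(silent_servers(parse_show_tacacs(SAMPLE)))
```

Alerting on this pattern matters because an AAA server that silently stops answering usually pushes the device onto its fallback authentication method.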
