Cisco Cisco Secure Access Control System 5.2 Troubleshooting Guide

The ACS 5.1 TACACS accounting report misses a few attributes such as username, privilege level, and
Request−Type when it receives a malformed accounting packet from the client. In some cases, this leads to
the generation of "Store failure (acs−xxx, TacacsAccounting)" alarm in View. In order to resolve this, verify
the following:

Accounting packet sent by the client has a malformed TACACS argument (for example, mismatch in
length and value of any of the argument sent by AAA client).

• 

Ensure that the client sends a valid accounting packet with proper length and value for the arguments.

• 

Refer to Cisco bug ID CSCte88357 (registered customers only) for more information.

Verify the following:

Check whether the Shared secrets on the AAA client and ACS server match.

• 

Ensure that the AAA client and the network device have no hardware problems or problems with
RADIUS compatibility.

• 

Ensure that the network that connects the device to the ACS has no hardware problems.

• 

Accounting request was dropped because it was received via an unsupported UDP port number. Verify the
following:

Ensure that the accounting port number configuration on the AAA client and on the ACS server
match.

• 

Ensure that the AAA client has no hardware problems or problems with RADIUS compatibility.

• 

The ACS cannot validate the Authenticator field in the header of the RADIUS Accounting−Request packet.
The Authenticator field must not be confused with the Message−Authenticator RADIUS attribute. Ensure that
the RADIUS Shared Secret configured on the AAA client matches that configured for the selected Network