I suspect the problem may be with the Encryption Key (that is, the Secret Key).
The encryption key (secret key)
Both TACACS+ and RADIUS can encrypt the communication between the NASes and the authentication server using specific encryption algorithms that use a secret key shared between the NASes and the server. This key (sometimes called encryption key, secret key or simply secret) is a simple alphanumeric string, just like a password (case sensitive) and it must be configured manually by the network administrator both in the NAS and in the server.
An encrypted communication blocks (or at least reduces the possibility of) the interception of RADIUS/TACACS+ packets (containing passwords and usernames) sniffed during the communication between the NAS and the server.
NOTE: a wrong (or missing) encryption key setup will result in no communication between the NAS and the authentication server, producing unpredictable results. We suggest always verifying the configuration of the encryption keys carefully.
Setting encryption keys in NTTacPlus
NTTacPlus can operate in two ways with the encryption keys:
• NTTacPlus can use a global encryption key used to communicate with all the NASes, except with those that appear explicitly with their own key in the NAS list
• NTTacPlus can discard any NAS request not coming from a NAS included in the NAS list
In the first case NTTacPlus can accept requests from any NAS without restrictions. When NTTacPlus receives a query, it looks for an encryption key configured for the requesting NAS. If NTTacPlus cannot find a specific key, it uses the global key (the default one).
In the second case, when NTTacPlus receives a query from a NAS, it looks for a key for that NAS, and if the key is not configured then NTTacPlus will immediately discard the request.
To configure the encryption keys in NTTacPlus, log in to the Remote Console, select the Tools/Options (F8) menu, then choose the Secret section.
If Restrict NAS access to configured IP addresses only is disabled, then NTTacPlus is configured to run in the first mode (using the default global key for any NAS query if a suitable encryption key has not been found).
If Restrict NAS access to configured IP addresses only is enabled, then NTTacPlus is configured to run in the second mode (it looks for a specific key; if it is not found, then NTTacPlus will reject the query).
WARNING: NTTacPlus Console works just like a NAS. This means that the Console follows the same encryption rules. If you plan to configure a list of NASes to restrict the access to NTTacPlus and want to run the Console on the same host running the server, you MUST INCLUDE in that list also the IP address of the server itself. Furthermore, when you need to log in to the Remote Console you must use the same encryption key configured in NTTacPlus.
If you are logged into the server and plan to change the encryption key, you must log off and then log on again with the new encryption key.
If something goes wrong with the encryption key setup, read the chapter Configuring NTTacPlus manually.
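The key lookup in both modes, and why a mismatched key leaves the server with an unreadable request, shown as an added Python example that is not part of the original post or NTTacPlus's own code. It assumes the standard TACACS+ body obfuscation from RFC 8907 (MD5-based pad XORed over the body); the function names, addresses, keys and body are constructed for illustration.

```python
import hashlib
import struct

def tacacs_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pseudo-pad: chained MD5 over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5 is what the protocol specifies
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad; applying it again with the same key restores the body."""
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def select_key(nas_ip, nas_keys, global_key, restrict):
    """Per-NAS key first; otherwise the global key, or None (discard) in restricted mode."""
    if nas_ip in nas_keys:
        return nas_keys[nas_ip]
    return None if restrict else global_key

def server_receive(nas_ip, wire_body, session_id, nas_keys, global_key, restrict):
    """Return the body as the server would read it, or None if the request is discarded."""
    key = select_key(nas_ip, nas_keys, global_key, restrict)
    if key is None:
        return None
    return obfuscate(wire_body, session_id, key)

# Constructed sample data: documentation-range addresses, made-up keys and body.
NAS_KEYS = {"192.0.2.10": b"Key-For-NAS-A"}
GLOBAL_KEY = b"Global-Default-Key"
BODY = b"constructed authentication body"
SESSION = 0x1234ABCD

if __name__ == "__main__":
    good = obfuscate(BODY, SESSION, b"Key-For-NAS-A")
    bad = obfuscate(BODY, SESSION, b"key-for-nas-a")  # wrong case: the key is case sensitive
    # Matching key: the server recovers the body.
    print(server_receive("192.0.2.10", good, SESSION, NAS_KEYS, GLOBAL_KEY, False))
    # Mismatched key: the server sees garbage, so the exchange fails.
    print(server_receive("192.0.2.10", bad, SESSION, NAS_KEYS, GLOBAL_KEY, False))
    # Restricted mode, NAS not in the list: request discarded.
    print(server_receive("192.0.2.99", good, SESSION, NAS_KEYS, GLOBAL_KEY, True))
```
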