https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786992#M409027 <HTML><HEAD></HEAD><BODY><P>Please check,</P><P></P><P>ACS---&gt;Network configuration----&gt; NDG (where you have this switch) ----&gt; Edit Properties----&gt; Remove key.</P><P></P><P></P><P>NDG key overwrites aaa client key.</P><P></P><P></P><P>Regards</P><P>~JG</P></BODY></HTML> Mon, 03 Sep 2007 12:59:30 GMT Jagdeep Gambhir 2007-09-03T12:59:30Z https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786991#M409026 <P>I configured the ACS box with a LAN infrastructure client including the correct client ip addresses of the devices, a key and set to authenticate using TACACS+. I configured a test user in the local ACS Internal database. I then configured a switch with the ACS IP address and the correct key. When I then try to login to the switch it fails and the following is logged in in the ACS failed attempts log:</P><P> </P><P>08/29/2007 11:39:22 Authen failed .. Default Group .. (Default) Key Mismatch .. .. .. x.x.x.x.. .. .. .. .. LAN-Switches LAN-Infrastructure </P><P></P><P> </P><P>I have triple checked that the keys are correct and yet the reason listed for failure is a key mismatch. I don't know if I've got something wrong in the config or if there is a bug.</P><P> </P><P>Cisco switch config:</P><P> </P><P>aaa new-model</P><P>aaa authentication attempts login 5</P><P>aaa authentication login default group tacacs+ local</P><P>aaa authentication login console local</P><P>aaa authentication enable default group tacacs+ enable</P><P>aaa authorization exec default group tacacs+ if-authenticated</P><P>aaa authorization commands 15 default group tacacs+ if-authenticated</P><P>aaa authorization commands 15 no_tacacs none</P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P>!</P><P>tacacs-server host x.x.x.x</P><P>no tacacs-server directed-request</P><P>tacacs-server key xxx</P><P>radius-server source-ports 1645-1646</P><P> </P><P>ACS version:</P><P> </P><P>CiscoSecure ACS</P><P>Release 4.0(1) Build 44</P><P> </P><P>what could be worng</P> Sun, 10 Mar 2019 22:22:09 GMT https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786991#M409026 okanlawon.ayodeji 2019-03-10T22:22:09Z https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786992#M409027 <HTML><HEAD></HEAD><BODY><P>Please check,</P><P></P><P>ACS---&gt;Network configuration----&gt; NDG (where you have this switch) ----&gt; Edit Properties----&gt; Remove key.</P><P></P><P></P><P>NDG key overwrites aaa client key.</P><P></P><P></P><P>Regards</P><P>~JG</P></BODY></HTML> Mon, 03 Sep 2007 12:59:30 GMT https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786992#M409027 Jagdeep Gambhir 2007-09-03T12:59:30Z https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786993#M409028 <HTML><HEAD></HEAD><BODY><P>JG, Many thanks. The issue has been resolved now.</P><P></P><P>Thanks</P></BODY></HTML> Tue, 04 Sep 2007 13:22:16 GMT https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786993#M409028 okanlawon.ayodeji 2007-09-04T13:22:16Z https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786994#M409029 <HTML><HEAD></HEAD><BODY><P>Thanks jgambhir,</P><P>This solved a problem that I was having authenticating Management Access on a WLC4402 controller to an ACS 4.1, my NDG contained the same password that I used for my router devices, and this was my first non router device.</P><P></P><P>Regards,</P><P>Charlie</P><P></P></BODY></HTML> Sun, 06 Jan 2008 22:58:37 GMT https://community.cisco.com/t5/network-access-control/tacacs-login-problem-on-acs-4-0/m-p/786994#M409029 charlie-hall 2008-01-06T22:58:37Z