parakiteiz
Beginner

13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets (Deny access on

I configured ACS on one of my Nexus 5000s. Afterwards I no longer had access. I could not log in with either the local account or the AD account.

 

I keep getting this error below.

13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets. The error is the same as the one below.

https://supportforums.cisco.com/sites/default/files/legacy/7/5/1/119157-ACS.jpg

I can't get on the switch, so I deleted it from ACS and that did not help; I just get another error complaining about a TACACS request from an unknown source.

Is my only choice to break in to the switch?

1 REPLY 1
NormMuelleman
Beginner

Are you trying to log in remotely to the device? The error you're getting is that the shared secret (i.e. password) between the device and the ACS server is wrong. So, the device can't authenticate. No authentication, no access.

If you have aaa to do tacacs first, then local, and the device is connected to the network, it will continue to attempt to authenticate to tacacs. It won't let you use local.

Try and disconnect the uplink to isolate the switch, then use local admin. It will see that tacacs isn't available, and go to the local admin account. But only if you have it set up right.

Otherwise, password recovery is your friend..if you left it turned on :)
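
Why a wrong shared secret shows up as an "invalid request packet": TACACS+ (RFC 8907) XORs the packet body with an MD5 pad derived from the secret, so a server holding a different secret recovers garbage. The sketch below is an added example, not part of the original thread and not ACS's own code; the length-consistency check is an assumed way for a server to notice the mismatch, and all function names, secrets and addresses are constructed.

```python
import hashlib
import struct

def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pad: MD5 chain over session_id, key, version, seq_no, previous hash."""
    seed = session_id + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(body: bytes, session_id: bytes, key: bytes, version: int, seq_no: int) -> bytes:
    """Obfuscation and de-obfuscation are the same XOR with the pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def build_authen_start(user: bytes, port: bytes, rem_addr: bytes, key: bytes, session_id: int) -> bytes:
    """Client (switch) side: authentication START, ASCII login, seq_no 1."""
    version, seq_no = 0xC0, 1
    # action, priv_lvl, authen_type, authen_service, then the four length fields
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0]) + user + port + rem_addr
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + xor_body(body, header[4:8], key, version, seq_no)

def parse_authen_start(packet: bytes, key: bytes) -> str:
    """Server side: de-obfuscate with the server's key, then check the length fields."""
    version, _type, seq_no, _flags, _sid, length = struct.unpack("!BBBBII", packet[:12])
    body = xor_body(packet[12:12 + length], packet[4:8], key, version, seq_no)
    user_len, port_len, rem_len, data_len = body[4:8]
    # With the wrong key these fields are effectively random and will not add up.
    if 8 + user_len + port_len + rem_len + data_len != len(body):
        raise ValueError("invalid TACACS+ request packet - possibly mismatched shared secrets")
    return body[8:8 + user_len].decode()

if __name__ == "__main__":
    # Constructed sample values: the switch and the server disagree on the secret.
    pkt = build_authen_start(b"admin", b"tty0", b"192.0.2.10", b"switch-secret", 0x1234ABCD)
    print(parse_authen_start(pkt, b"switch-secret"))  # secrets match
    try:
        parse_authen_start(pkt, b"acs-secret")        # secrets differ
    except ValueError as err:
        print(err)
```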

 
