
13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets (Deny access on

parakiteiz
Level 1

I configured ACS on one of my Nexus 5000s. Afterwards I no longer had access. I could not log in with either the local account or the AD account.


I keep getting this error below.

13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets. The error is the same as the one below.

https://supportforums.cisco.com/sites/default/files/legacy/7/5/1/119157-ACS.jpg

I can't get on the switch, so I deleted it from ACS and that did not help; I just get another error complaining about a TACACS request from an unknown source.

Is my only choice to break in to the switch?

1 Reply 1

NormMuelleman
Level 1

Are you trying to log in remotely to the device? The error you're getting is that the shared secrets (i.e. password) between the device and the ACS server are wrong. So, the device can't authenticate. No authentication, no access.

If you have aaa to do tacacs first, then local, and the device is connected to the network, it will continue to attempt to authenticate to tacacs. It won't let you use local.

Try and disconnect the uplink to isolate the switch, then use local admin. It will see that tacacs isn't available, and go to the local admin account. But only if you have it set up right.

Otherwise, password recovery is your friend... if you left it turned on :)
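
Why a wrong key is reported as an "invalid request packet" that is only "possibly" a secret mismatch: TACACS+ (RFC 8907) XORs the packet body with an MD5-derived pad keyed by the shared secret, so a server holding a different secret decodes bytes whose length fields do not add up. The sketch below is an added example, not part of the posts above and not ACS code; the keys, session ID, sample fields and function names are constructed for illustration.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5_1 = MD5(session_id|key|version|seq_no); MD5_n also appends MD5_{n-1}."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version=0xC0, seq_no=1):
    """Obfuscation and de-obfuscation are the same XOR with the pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port, rem_addr):
    """Authentication START body: 8 fixed bytes, then the variable-length fields."""
    # action=LOGIN, priv_lvl=1, authen_type=ASCII, service=LOGIN, data_len=0
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def parse_authen_start(body):
    """Return the username, or None when the decoded body is not a valid START."""
    if len(body) < 8:
        return None
    action, _, authen_type, _, ulen, plen, rlen, dlen = body[:8]
    if action not in (1, 2, 4) or not 1 <= authen_type <= 6:
        return None
    if 8 + ulen + plen + rlen + dlen != len(body):
        return None  # length fields disagree with the packet: garbage after XOR
    return body[8:8 + ulen]

def server_receive(wire_body, session_id, server_key):
    """What the AAA server sees after applying its own configured secret."""
    return parse_authen_start(xor_body(wire_body, session_id, server_key))

# Constructed sample: the switch obfuscates with the key configured on the device.
SESSION_ID = 0x1A2B3C4D
DEVICE_KEY = b"device-side-secret"
wire = xor_body(build_authen_start(b"admin", b"tty0", b"192.0.2.10"), SESSION_ID, DEVICE_KEY)

if __name__ == "__main__":
    print("matching key:  ", server_receive(wire, SESSION_ID, DEVICE_KEY))
    print("mismatched key:", server_receive(wire, SESSION_ID, b"server-side-secret"))
```

The protocol carries no integrity check on the body, so the server cannot prove the key is wrong; it can only observe that the decoded packet is malformed.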