cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8527
Views
21
Helpful
4
Replies

ISE - Invalid TACACS+ authorization request packet

ziqex
Level 4
Level 4

Hi,

I am unable to authenticate with ISE. I have to use local credentials.

The error in ISE for the event states: 

Message Text Failed-Attempt: TACACS+ Authorization failed
Failure Reason 13078 Invalid TACACS+ authorization request packet - possibly malformed packet

 

ip tacacs source-interface was defined but that did not resolve the issue.

 

Thank you.

 

1 Accepted Solution

Accepted Solutions

From what I've seen, this is typically due to a mismatch of the shared secret. You might have a look at a similar discussion with some suggestions here.
https://community.cisco.com/t5/network-access-control/ise-2-6-0-156-patch-7-error-13078/td-p/4143326

 

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

EDIT :

is this only for 1 device, all the devices ?

Can you post the config on the device ?

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

The thread from the link refers to the nexus devices. 

Nexus devices require specific shell profiles and different config compare to the IOS firmware devices. 

I have the problem with the WS-C2960C-12PC-L appliance.

Thank you.

From what I've seen, this is typically due to a mismatch of the shared secret. You might have a look at a similar discussion with some suggestions here.
https://community.cisco.com/t5/network-access-control/ise-2-6-0-156-patch-7-error-13078/td-p/4143326

 

Only one device affected so far, over 50 moved from ACS to ISE without problems.

 

config:

 

aaa authentication login LIST group TACACS local
aaa authentication enable default group TACACS enable
aaa authorization exec LIST group TACACS local
aaa authorization commands 1 LIST group TACACS local
aaa authorization commands 15 LIST group TACACS local
aaa authorization config-commands
aaa authorization console
aaa accounting exec LIST start-stop group TACACS
aaa accounting commands 1 LIST start-stop group TACACS
aaa accounting commands 15 LIST start-stop group TACACS
aaa accounting send stop-record authentication failure

 

aaa group server tacacs+ TACACS
server name 01
server name 02

 

tacacs server 01
address ipv4 10.11.22.33
key 7 xyz
tacacs server 02
address ipv4 10.11.22.34
key 7 xyz

 

aaa new-model
aaa session-id common

 

line vty 0 4
exec-timeout 5 0
privilege level 15
authorization exec LIST
accounting commands 15 LIST
accounting exec LIST
logging synchronous
login authentication LIST
length 0
transport input ssh
line vty 5 15
exec-timeout 5 0
privilege level 15
authorization exec LIST
accounting commands 15 LIST
accounting exec LIST
logging synchronous
login authentication LIST
length 0
transport input ssh

 

Thanks