03-22-2022 03:15 AM
Hi,
I am unable to authenticate with ISE. I have to use local credentials.
The error in ISE for the event states:
Message Text Failed-Attempt: TACACS+ Authorization failed
Failure Reason 13078 Invalid TACACS+ authorization request packet - possibly malformed packet
ip tacacs source-interface was defined but that did not resolve the issue.
Thank you.
03-23-2022 03:12 PM
From what I've seen, this is typically due to a mismatch of the shared secret. You might have a look at a similar discussion with some suggestions here.
https://community.cisco.com/t5/network-access-control/ise-2-6-0-156-patch-7-error-13078/td-p/4143326
03-22-2022 03:45 AM - edited 03-22-2022 04:20 AM
EDIT:
Is this only for 1 device, or all the devices?
Can you post the config on the device?
03-22-2022 03:49 AM
The thread from the link refers to the Nexus devices.
Nexus devices require specific shell profiles and a different config compared to the IOS firmware devices.
I have the problem with the WS-C2960C-12PC-L appliance.
Thank you.
03-28-2022 01:26 AM
Only one device affected so far, over 50 moved from ACS to ISE without problems.
config:
aaa authentication login LIST group TACACS local
aaa authentication enable default group TACACS enable
aaa authorization exec LIST group TACACS local
aaa authorization commands 1 LIST group TACACS local
aaa authorization commands 15 LIST group TACACS local
aaa authorization config-commands
aaa authorization console
aaa accounting exec LIST start-stop group TACACS
aaa accounting commands 1 LIST start-stop group TACACS
aaa accounting commands 15 LIST start-stop group TACACS
aaa accounting send stop-record authentication failure
aaa group server tacacs+ TACACS
 server name 01
 server name 02
tacacs server 01
 address ipv4 10.11.22.33
 key 7 xyz
tacacs server 02
 address ipv4 10.11.22.34
 key 7 xyz
aaa new-model
aaa session-id common
line vty 0 4
 exec-timeout 5 0
 privilege level 15
 authorization exec LIST
 accounting commands 15 LIST
 accounting exec LIST
 logging synchronous
 login authentication LIST
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 5 0
 privilege level 15
 authorization exec LIST
 accounting commands 15 LIST
 accounting exec LIST
 logging synchronous
 login authentication LIST
 length 0
 transport input ssh
Thanks