Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
1
Replies

Secure ACS to control AAA for our Cisco Prime 3.1 and SSH failure

Not applicable

‎08-16-2017 09:52 PM - last edited on ‎03-11-2019 12:57 AM by

Anyone help me,i installed Cisco Prime 3.1 and integrated it with ACS 4.0 for  Tacacus+ server AAA control

but now the username / Password keeps expiring making PI not to poll devices automatically and even adding manually

last inventory collection status showing ;wrong cli credential, Partial collection failure.

From Cisco Prime 3.1 i can ping reachable devices but can not ssh to them.

Labels:
Preview file
358 KB
0 Helpful
1 Reply 1

andrewswanson
Level 7
Level 7

‎08-17-2017 10:58 AM

Hi

I assume your switches have TACAC+ configured to authenticate users using TACACS+ first (using your ACS) and falling back to using local credentials if ACS is unavailable.

It sounds like your Prime server is setup to use the switch's local credentials - check your ACS logs to see if this is the case.

hth
Andy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents