01-19-2011 06:39 PM - edited 03-10-2019 05:44 PM
Hi All,
I'm having trouble with a Cisco ACE 4710 appliance using tacacs to authenticate ssh/telnet remote users. Following the CCO documentation we have configured the backend tacacs server (Cisco Secure ACS) and setup the ACE with the required configuration.
tacacs-server key 7 "letmein"
tacacs-server host 192.168.1.1 timeout 5
aaa group server tacacs+ ACStac
server 192.168.1.1
aaa authentication login default group ACStac local
So far no luck in successfully authenticating any users. I can see in the log on the ACS a key mismatch error however I have 100% verified the keys are identical, im thinking this may be a bug?
Furthermore when I paste in the tacacs-server key it gets converted to a type 7 in the running configuration even though I use the no encryption option. Anyone have any ideas? The ACE is running version A3(2.3)
Thanks in advance
01-19-2011 08:16 PM
hi,
Do you have a shared secret defined for the NDG in which this ACE is configured as a AAA client?
Regards,
Anisha
01-19-2011 08:41 PM
Yes the NDG does have a shared secret. FYI I just tried using this value but still getting key
mismatch.
01-19-2011 09:56 PM
Hi Matt,
Please remove the shared secret of teh NDG and test.
Regards,
Anisha
P.S.: please rate this post if ypou feel your query is answered
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: