Tacacs authentication with ACE appliance not working

matt.eason
Level 1

Hi All,

I'm having trouble with a Cisco ACE 4710 appliance using TACACS to authenticate ssh/telnet remote users. Following the CCO documentation we have configured the backend TACACS server (Cisco Secure ACS) and set up the ACE with the required configuration.

tacacs-server key 7 "letmein"

tacacs-server host 192.168.1.1 timeout 5

aaa group server tacacs+ ACStac

  server 192.168.1.1

aaa authentication login default group ACStac local

So far no luck in successfully authenticating any users. I can see in the log on the ACS a key mismatch error; however, I have 100% verified the keys are identical. I'm thinking this may be a bug?

Furthermore when I paste in the tacacs-server key it gets converted to a type 7 in the running configuration even though I use the no encryption option. Anyone have any ideas? The ACE is running version A3(2.3)

Thanks in advance

3 Replies

andamani
Cisco Employee

Hi,

Do you have a shared secret defined for the NDG in which this ACE is configured as an AAA client?

Regards,

Anisha

Yes, the NDG does have a shared secret. FYI, I just tried using this value but am still getting key mismatch.

Hi Matt,

Please remove the shared secret of the NDG and test.

Regards,
Anisha

P.S.: Please rate this post if you feel your query is answered.
