Tacacs authentication with ACE appliance not working

matt.eason
Level 1

Hi All,

I'm having trouble with a Cisco ACE 4710 appliance using TACACS to authenticate ssh/telnet remote users. Following the CCO documentation, we have configured the backend TACACS server (Cisco Secure ACS) and set up the ACE with the required configuration.

tacacs-server key 7 "letmein"
tacacs-server host 192.168.1.1 timeout 5
aaa group server tacacs+ ACStac
  server 192.168.1.1
aaa authentication login default group ACStac local

So far no luck in successfully authenticating any users. I can see in the log on the ACS a key mismatch error; however, I have 100% verified the keys are identical. I'm thinking this may be a bug?

Furthermore, when I paste in the tacacs-server key it gets converted to a type 7 in the running configuration even though I use the no encryption option. Anyone have any ideas? The ACE is running version A3(2.3).

Thanks in advance

3 Replies

andamani
Cisco Employee

Hi,

Do you have a shared secret defined for the NDG in which this ACE is configured as an AAA client?

Regards,

Anisha

Yes, the NDG does have a shared secret. FYI I just tried using this value but still getting key mismatch.

Hi Matt,

Please remove the shared secret of the NDG and test.

Regards,
Anisha

P.S.: Please rate this post if you feel your query is answered.