07-20-2011 11:14 AM - edited 03-10-2019 06:14 PM
Hi all,
I'm trying to configure TACACS on a Cisco ASR1001, and the TACACS server is Cisco ACS v3.3. The ACS won't pass the authentication, complaining of a bad request from NAS, key mismatch - which I compared millions of times on both the ASR and ACS sides. Below is my config; did I miss anything?
Cisco ASR1001, version IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSAL-M), Version 15.1(1)S
aaa new-model
aaa group server tacacs+ TACACS
 server-private 192.168.10.20 key 7 xxxx
 ip vrf forwarding Mgmt-intf
aaa authentication login default group TACACS local
aaa authorization config-commands
aaa authorization commands 1 default group TACACS if-authenticated
aaa authorization commands 15 default group TACACS if-authenticated
ip tacacs source-interface GigabitEthernet0
07-21-2011 04:50 AM
Hello,
Are you using Network Device Groups in your ACS configuration? If so, please check the group settings for a shared secret; if defined, it will take precedence over any keys assigned to each individual AAA client contained within that group.
07-21-2011 11:14 AM
Thanks Javier,
We reset the shared key many times, and rebooting the ACS made it work. Thank you.