
TACACS not working on Firewall device

ohareka70
Level 3

Hello,


I am trying to add config to a Cisco Firewall 5585 on the command line so I can log in via TACACS and only fall back to local password if required. Local password works OK but not the TACACS account.


svrCiscoACS is my TACACS server on the corporate network (10.1.2.3)

aaa-server acs2_3 protocol radius
 accounting-mode simultaneous
aaa-server acs2_3 (inside) host svrCiscoACS
 key PASS
aaa-server acs2 protocol radius
 accounting-mode simultaneous
aaa-server acs2 (inside) host svrCiscoACS
 key PASS


user-identity default-domain LOCAL


aaa authentication enable console acs2_3 LOCAL
aaa authentication http console acs2_3
aaa authentication ssh console acs2_3 LOCAL
aaa authentication serial console acs2_3 LOCAL

Accepted Solutions

Not sure what you tried, but the ASA config for TACACS looks like the following:

aaa-server TAC protocol tacacs+
aaa-server TAC (inside) host 10.1.2.3
 key YOUR-SHARED-KEY
!
aaa authentication ssh console TAC LOCAL
aaa authentication http console TAC LOCAL
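
An added example, not part of the original thread: a small Python check that reads ASA `aaa-server` and `aaa authentication ... console` lines and reports a server group whose declared protocol differs from the one the AAA server is expected to speak, and any console method that lacks the `LOCAL` fallback. `audit_aaa` and its `expected_protocol` parameter are hypothetical names; the two sample configurations are the ones posted above, trimmed to the relevant lines.

```python
import re

# From the question (trimmed): groups are declared with "protocol radius".
QUESTION_CFG = """\
aaa-server acs2_3 protocol radius
aaa-server acs2_3 (inside) host svrCiscoACS
 key PASS
aaa authentication enable console acs2_3 LOCAL
aaa authentication http console acs2_3
aaa authentication ssh console acs2_3 LOCAL
aaa authentication serial console acs2_3 LOCAL
"""

# From the accepted answer.
ANSWER_CFG = """\
aaa-server TAC protocol tacacs+
aaa-server TAC (inside) host 10.1.2.3
 key YOUR-SHARED-KEY
aaa authentication ssh console TAC LOCAL
aaa authentication http console TAC LOCAL
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)[ \t]*$", re.M)
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(.*)$", re.M)


def audit_aaa(config, expected_protocol="tacacs+"):
    """Return findings for each 'aaa authentication <service> console' line."""
    groups = {name: proto.lower() for name, proto in GROUP_RE.findall(config)}
    findings = []
    for service, group, rest in AUTH_RE.findall(config):
        if group == "LOCAL":
            continue  # local-only login, no server group to check
        proto = groups.get(group)
        if proto is None:
            findings.append(f"{service}: server group {group} is not defined")
        elif proto != expected_protocol:
            findings.append(f"{service}: group {group} is {proto}, expected {expected_protocol}")
        if "LOCAL" not in rest.split():
            findings.append(f"{service}: no LOCAL fallback after {group}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("answer", ANSWER_CFG)):
        print(name, audit_aaa(cfg) or "ok")
```

Pass `expected_protocol="radius"` when the AAA server is a RADIUS server; the missing `LOCAL` on the `http console` line in the question is reported either way.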

 

ohareka70
Level 3

I added in the line for radius, i.e. aaa-server TAC protocol radius

... and it worked OK. Important to get the key to match with the one on the radius server but all is good.

 

Thanks for the advice

> Important to get the key to match with the one on the radius server but all is good

That's the reason it's called a "shared secret" ... ;-)