Re: Tacacs-server key working in some Cisco switches for AAA, bu

ciscochik23 · ‎08-28-2012

Good day,

Has anyone experienced this before? I am using Cisco ACS 5.2. I have a very simple word (no, not cisco ) for my tacacs-server key. I've used the same key within the ACS and on two other Cisco switches, and AAA is working fine between the two switches; however, in setting up the key via the ACS and on a third Cisco switch and using PuTTY, I'm getting the error of "Access Denied. Using keyboard-interactive authentication."

I've re-entered the simple tacacs key multiple times within the ACS and on the switch making sure to not fat finger or misspell it.

I don't think there is a problem with the AAA setup I have within the switches as all of the AAA configs are the same on every switch we have.

Any other possible ideas anyone can suggest?

Cliffs:

-tacacs-server key is a simple key and is the same for every switch and within ACS

-AAA config is the same on every switch, so I do not believe it to be a AAA config issue

-Running config on switch that is not working is pretty much the same as the other two working switches

Any advice is greatly appreciated.

Thanks,

Y

Karsten Iwen · ‎08-28-2012

The Authentication-Log on the ACS should give you a hint.

ciscochik23 · ‎08-28-2012

Hi, and thank you for your reply back; however, when I got into the Authentication logs, I see nothing, like it's not even logging the failed attempts.

Karsten Iwen · ‎08-28-2012

Then I would assume a communication problem between the switch and the ACS. Typo in the address in ACS? What output does "debug tacacs" give you?

Tacacs-server key working in some Cisco switches for AAA, but not in other switches???