08-28-2012 09:10 AM - edited 02-21-2020 04:43 AM
Good day,
Has anyone experienced this before? I am using Cisco ACS 5.2. I have a very simple word (no, not cisco ) for my tacacs-server key. I've used the same key within the ACS and on two other Cisco switches, and AAA is working fine between the two switches; however, in setting up the key via the ACS and on a third Cisco switch and using PuTTY, I'm getting the error of "Access Denied. Using keyboard-interactive authentication."
I've re-entered the simple tacacs key multiple times within the ACS and on the switch making sure to not fat finger or misspell it.
I don't think there is a problem with the AAA setup I have within the switches as all of the AAA configs are the same on every switch we have.
Any other possible ideas anyone can suggest?
Cliffs:
-tacacs-server key is a simple key and is the same for every switch and within ACS
-AAA config is the same on every switch, so I do not believe it to be a AAA config issue
-Running config on switch that is not working is pretty much the same as the other two working switches
Any advice is greatly appreciated.
Thanks,
Y
08-28-2012 09:26 AM
The Authentication-Log on the ACS should give you a hint.
08-28-2012 11:25 AM
Hi, and thank you for your reply back; however, when I got into the Authentication logs, I see nothing, like it's not even logging the failed attempts.
08-28-2012 12:47 PM
Then I would assume a communication problem between the switch and the ACS. Typo in the address in ACS? What output does "debug tacacs" give you?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide