Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
826
Views
0
Helpful
2
Replies

AAA failures on 3750G running ADVIPServ 12.2(53) SE

karim.rahemat
Level 1
Level 1

‎05-05-2010 04:09 PM - edited ‎03-10-2019 05:07 PM

I am just banging my head on the wall and I can seem to figure it out.  I am trying to configure my 3750G stack to authenticate to my ACS 4.2 server.  The configuration is fine and when I look at the debugs I am getting from the switch that it selected the default profile and that is the extent of the log.  On the server I am getting a failed authentication of invalid secret key.  I have a multiple times changed the secret key to match and still getting the same issue.  I thought that it was because the source interface being a L3 port-channel and changed it to a vlan interface with the same issue.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login noauth local

aaa authorization exec default group tacacs+ local

aaa authorization exec noauth local

aaa authorization console

!

ip tacacs source interface port-channel 1

tacacs-server timeout 5

tacacs-server host 10.224.1.181

tacacs-server key itsasecret

tacacs-server directed-request **must be a default command**

line con 0

login authentication noauth

!

line vty 0 15

login authentication default

Any help would be appreciated as I don't know if I am hitting a bug or not and searches have turned up nothing.

Regards,

Karim

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎05-05-2010 04:49 PM

On ACS server, please check that you do not have a different secret key under NDG (Network Device Group) which is the likelihood of the error message that you are getting with regards to invalid secret key.

0 Helpful

karim.rahemat
Level 1
Level 1
In response to Jennifer Halim

‎05-05-2010 05:37 PM

I looked into that and deleted whatever key was in there and made sure teh client had a proper key.  This gave me the same error so I deleted client to try again with the same results.  I also deleted the NDG and recreated a new one with no success.  Still getting the invalid key error within ACS's failed logs.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents