AAA not encrypting

ateeqs.net
Level 1

Hi All,

I am adding the device into ACS, but the tacacs server host xx xx xx key 0 xx xx xx is not getting encrypted and my device is not communicating with TACACS+. Please, someone help me.

When I do show running, there I can see the key which we have given is not encrypted; because of this the device is not communicating with tacacs.

Waiting for your valuable input. thanks in advance.

A


ateeqs.net
Level 1

One thing I want to add here: I am using IOS version 12.1(19)EW1.

Using the leading 0 before the key only causes it to stay in the config as clear text.

This is not affecting the operation of tacacs as long as the key -and everything else- is correctly configured.

Please check your aaa config lines, eventually compare them with another box that is already working.

Probably there is a typo somewhere.

regards,

Leo

Hi,

Thanks for your response,

I checked the configuration but didn't find anything missing; the only thing I can see is the IOS difference,

12.1(14r)EA1 (Not working)

Version 12.2(25r)SEB (working)

Any input would be greatly appreciated.

Thank you very much.

Hi,

So the communication with ACS is failing? Can you do a debug aaa authentication and post the result here?

Regards.

Alain.

Don't forget to rate helpful posts.

Swich1#debug aaa authentication

AAA Authentication debugging is on

Swich1#

After debug I don't see any logs.

Hi,

Can you post the output of the show log command? How are you connected, console or remote? Because if remote, you have to issue the terminal monitor command to see debugs.

Regards.

Alain.

Don't forget to rate helpful posts.

Antonio Knox
Level 7

When I do show running, there I can see the key which we have given is not encrypted; because of this the device is not communicating with tacacs.

If seeing a non-encrypted password in your running configuration is your issue here, then issue a

Switch1(config)# service password-encryption

That should encrypt the password in your running config.

Richard Burts
Hall of Fame

A

Your original post seems to believe that the TACACS server key not being encrypted is due to (or perhaps is causing) your router not working with the server. This is not the case. Whether the server key is encrypted or not depends on whether you have configured service password-encryption and on what version of code you are running. In earlier versions of IOS the server key is always in the clear and in more recent versions the key may be encrypted.

If the router is not working with TACACS then the output of show TACACS might be helpful. Also you might try something on the router that should use TACACS and then look in the logs of the server and see if there is an error message that could help identify the problem.

HTH

Rick
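
Added example (not part of the thread, and not Cisco tooling): a small Python audit of the point made in the replies above, that how the TACACS+ key is stored in the configuration depends on the key type and on `service password-encryption`, independently of whether authentication works. The sample configuration, addresses and key strings are constructed, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (documentation addresses, made-up keys).
SAMPLE_CONFIG = """\
no service password-encryption
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.10 key 0 ExampleKey123
tacacs-server host 192.0.2.11 timeout 5 key 7 PLACEHOLDER-TYPE7-STRING
"""

# Global form (tacacs-server key ...) or per-host form (tacacs-server host X ... key ...).
# An optional leading 0 or 7 is the key type; the key itself runs to end of line.
KEY_RE = re.compile(
    r"^tacacs-server\s+(?:host\s+(\S+)\s+.*?)?key\s+(?:([07])\s+)?(\S.*)$"
)


def audit_tacacs_keys(config_text):
    """Return (password_encryption_enabled, findings) for an IOS config text."""
    lines = [line.strip() for line in config_text.splitlines()]
    # Exact match, so "no service password-encryption" does not count as enabled.
    encryption_on = "service password-encryption" in lines
    findings = []
    for line in lines:
        match = KEY_RE.match(line)
        if not match:
            continue
        host, key_type, _key = match.groups()  # the key value is never reported
        stored_as = "type 7" if key_type == "7" else "clear text"
        findings.append({"scope": host or "global", "stored_as": stored_as})
    return encryption_on, findings


def report(config_text):
    """Format the audit as printable lines."""
    encryption_on, findings = audit_tacacs_keys(config_text)
    state = "enabled" if encryption_on else "not enabled"
    out = [f"service password-encryption: {state}"]
    for item in findings:
        out.append(f"TACACS+ key ({item['scope']}): stored as {item['stored_as']}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

The report deliberately omits the key values, so its output can be shared in a ticket or forum post without exposing the shared secret.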

Have you checked the reports/logs in ACS? It should give you a very good idea of what the problem is, I would focus there first.