cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
1335
Views
0
Helpful
2
Replies
darrenriley5
Beginner

Can't get TACACS+ working on Nexus 7000

Hi,

I'm having great  difficulty getting tacacs working on my Nexus 7000. Config on nexus is

feature tacacs+

tacacs-server key 7 "test"
tacacs-server host 10.128.46.50
aaa group server tacacs+ TacServer
    server 10.128.46.50

aaa authentication login default group TacServer
aaa accounting default group TacServer

On the Cisco ACS software it say there is a key mismatch but the keys match. Any ideas as I'm stuck?

2 REPLIES 2
ansalaza
Beginner

Couple things to look at:

Try removing the number seven out of this line:
tacacs-server key 7 "test"

If required to put an encryption set it to cero instead, which means plain text.

If you have Network Device Groups on the ACS, the NDG Shared Secret takes precedence over the key specified at the Client level.

HTH,

Thanks for your help, TACACS must be working now as if I enter a wrong password it records this on the ACS server. the problem now is when I enter my user name and password I get an access denied, aa config below.

Nexus

aaa authentication login default group TacServer
aaa accounting default group TacServer

On our IOS router and switches we have the following aaa config which we use to enter our windows user name and passwords for login then enable.

aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable

Thanks

Darren