cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2889
Views
0
Helpful
5
Replies

Cisco Catalyst 9500 tacacs key

beta_admin66
Level 1
Level 1

I get error message when configuring the key of the Tacacs server on the Cisco Catalyst 9500, first used the Password Type 7:

WARNING: Command has been added to the configuration using a type 5 password. However, type 5 passwords will soon be deprecated. Migrate to a supported password type.

Then I changed the password type to 6:

Host name (config-server-tacacs) #key 6 xxxx
% Invalid encrypted key: xxxx

If I set the passway location Type to 0, I will still receive this error message when I start the switch.

Can you help?

 

5 Replies 5

Mark Malone
VIP Alumni
VIP Alumni
Hi
have you tried to set it this way as an option does it work ?

aaa group server tacacs+ xtacacs
server-private 172.x.x.x key 7 1214402D204E045D287C7275607406583642422678
server-private 172.x.x.x key 7 0009563C361E035F0D761A135A58215C235F4D2304
ip tacacs source-interface x

Hello,

I have inverted these commands:

tacacs server xxx
 address ipv4 xxx
 key xxx

WARNING: Command has been added to the configuration using a type 7 password. However, type 7 passwords will soon be deprecated. Migrate to a supported password type

 

Also I entered this commands:

server-private ip-address key 7 xxx

Also I receive this error-message:

WARNING: Command has been added to the configuration using a type 7 password. However, type 7 passwords will soon be deprecated. Migrate to a supported password type

 

 

 

 

Im just wondering should be under AAA like mine we had issues like that on newer software on 4ks and 3ks too , its all unified software IOS-XE so should work like that

alot of tacacs commands were deprecated in newer releases , worth a shot


aaa new-model
!
!
aaa group server tacacs+ xtacacs
server-private 172.x.x.x key 7 1214402D204E045D287C7275607406583642422678
server-private 172.x.x.x key 7 0009563C361E035F0D761A135A58215C235F4D2304
ip tacacs source-interface Vlan2225
!
!
aaa authentication login default group xtacacs local enable
aaa authentication enable default group xtacacs enable
aaa authorization exec default group xtacacs local
aaa accounting exec default start-stop group xtacacs
aaa accounting commands 0 default start-stop group xtacacs
aaa accounting commands 1 default start-stop group xtacacs
aaa accounting commands 15 default start-stop group xtacacs
aaa accounting network default start-stop group xtacacs
aaa accounting connection default start-stop group xtacacs
aaa accounting system default start-stop group xtacacs

Hello,

how can the bug be fixed?

 

Thank you.

Its not a bug its deprecated code , its moved on , it happens now and again they change it up
If you think its bug open a case with Cisco TAC but the message is telling you the code is not valid your trying to apply anymore
Review Cisco Networking for a $25 gift card