
Nexus 7000 AAA and Cisco ACS Problem

darrenriley5
Level 1

I'm having difficulty getting our Cisco ACS server to authenticate access to our Nexus 7000 switch. I think the TACACS+ is set up correctly on the Nexus, as when I enter my password incorrectly on the Nexus I see this in the ACS logs. The problem is when I enter my password correctly on the Nexus I get an access denied message. The setup on the ACS is very simple and works fine for our current IOS router and switches; the aaa config on our IOS router and switches is below. On the ACS we have a group for users which allows privilege level 15, full access. We

aaa new-model

aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

The config on the Nexus is below. Will I need to change the setup on the ACS, or do I need additional settings on the Nexus? The ACS version is quite old, v3.3. We only have one VDC on the Nexus.


feature tacacs+
tacacs-server key 0 test
tacacs-server host 10.128.46.50
aaa group server tacacs+ TacServer
    server 10.128.46.50

aaa authentication login default group TacServer
aaa accounting default group TacServer



1 Reply

keyur.desai
Level 1

I have ACS version 4 and have the following configs on Nexus and it works for me.

tacacs-server key 7 "XXXX"
ip tacacs source-interface loopback0
tacacs-server host "ip address here" key 7 "XXXX"
tacacs-server host "ip address over here" key 7 "XXXX"
aaa group server tacacs+ TACACS-ACS-Servers
    server "Tacacs primary ip here"
    server "Secondary ip here"
    source-interface loopback0

aaa authentication login default group TACACS-ACS-Servers
aaa authentication login console group TACACS-ACS-Servers
aaa accounting default group TACACS-ACS-Servers
tacacs-server directed-request
