
Locked Out of Device (by SSH) 3011 invalid tacacs+ request packet - possibly mismatched shared secrets

parakiteiz
Level 1

I have a Nexus 5000 that I set up to use tacacs (Cisco ACS 5.2). When I try to log on, the error I receive is "3011 invalid tacacs+ request packet - possibly mismatched shared secrets". Obviously I plugged in the wrong shared secret (more like a typo). Now it won't let me log in locally (with a local account).

I deleted the device for the Cisco ACS server and it is still trying to authenticate against the ACS server no matter what account I use. I have not tried to console in yet, but is that my best bet for getting logged on and fixing the config?

 

 

1 Reply

Preston Kilburn
Level 1

You have to do some funky stuff to authenticate on the Nexus equipment if I recall correctly.  You have to specify a role that the tacacs user is trying to use.  If you google tacacs nexus - I think it has something to do with the network-admin role.

Also - make sure that you're setting the right IP address as the tacacs source - it may be referencing another IP it has decided to use for tacacs.