Can't get TACACS+ working on Nexus 7000

Mar 4th, 2010

Hi,


I'm having great difficulty getting TACACS working on my Nexus 7000. Config on the Nexus is:


feature tacacs+


tacacs-server key 7 "test"
tacacs-server host 10.128.46.50
aaa group server tacacs+ TacServer
    server 10.128.46.50


aaa authentication login default group TacServer
aaa accounting default group TacServer



On the Cisco ACS software it says there is a key mismatch, but the keys match. Any ideas, as I'm stuck?

ansalaza Thu, 03/04/2010 - 05:31
User Badges:
  • Cisco Employee,

Couple things to look at:


Try removing the number seven out of this line:
tacacs-server key 7 "test"


If required to put an encryption, set it to zero instead, which means plain text.


If you have Network Device Groups on the ACS, the NDG Shared Secret takes precedence over the key specified at the Client level.


HTH,

darrenriley5 Thu, 03/04/2010 - 09:30

Thanks for your help. TACACS must be working now, as if I enter a wrong password it records this on the ACS server. The problem now is that when I enter my user name and password I get an access denied; aaa config below.


Nexus

aaa authentication login default group TacServer
aaa accounting default group TacServer


On our IOS routers and switches we have the following aaa config, which we use to enter our Windows user names and passwords for login, then enable.

aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable


Thanks

Darren
