03-04-2010 05:26 AM - edited 03-06-2019 09:59 AM
Hi,
I'm having great difficulty getting tacacs working on my Nexus 7000. Config on nexus is
feature tacacs+
tacacs-server key 7 "test"
tacacs-server host 10.128.46.50
aaa group server tacacs+ TacServer
server 10.128.46.50
aaa authentication login default group TacServer
aaa accounting default group TacServer
On the Cisco ACS software it say there is a key mismatch but the keys match. Any ideas as I'm stuck?
03-04-2010 05:31 AM
Couple things to look at:
Try removing the number seven out of this line:
tacacs-server key 7 "test"
If required to put an encryption set it to cero instead, which means plain text.
If you have Network Device Groups on the ACS, the NDG Shared Secret takes precedence over the key specified at the Client level.
HTH,
03-04-2010 09:30 AM
Thanks for your help, TACACS must be working now as if I enter a wrong password it records this on the ACS server. the problem now is when I enter my user name and password I get an access denied, aa config below.
Nexus
aaa authentication login default group TacServer
aaa accounting default group TacServer
On our IOS router and switches we have the following aaa config which we use to enter our windows user name and passwords for login then enable.
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
Thanks
Darren
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide