
Can't get TACACS+ working on Nexus 7000

darrenriley5
Level 1

Hi,

I'm having great difficulty getting TACACS working on my Nexus 7000. Config on the Nexus is:

feature tacacs+

tacacs-server key 7 "test"
tacacs-server host 10.128.46.50
aaa group server tacacs+ TacServer
    server 10.128.46.50

aaa authentication login default group TacServer
aaa accounting default group TacServer

On the Cisco ACS software it says there is a key mismatch but the keys match. Any ideas as I'm stuck?

2 Replies

ansalaza
Level 1

Couple things to look at:

Try removing the number seven out of this line:
tacacs-server key 7 "test"

If required to put an encryption type, set it to zero instead, which means plain text.

If you have Network Device Groups on the ACS, the NDG Shared Secret takes precedence over the key specified at the Client level.

HTH,

Thanks for your help. TACACS must be working now, as if I enter a wrong password it records this on the ACS server. The problem now is that when I enter my user name and password I get an access denied. AAA config below.

Nexus

aaa authentication login default group TacServer
aaa accounting default group TacServer

On our IOS routers and switches we have the following aaa config, which we use to enter our Windows user names and passwords for login then enable.

aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable

Thanks

Darren
