AAA failures on 3750G running ADVIPServ 12.2(53) SE

Unanswered Question

I am just banging my head on the wall and I can seem to figure it out.  I am trying to configure my 3750G stack to authenticate to my ACS 4.2 server.  The configuration is fine and when I look at the debugs I am getting from the switch that it selected the default profile and that is the extent of the log.  On the server I am getting a failed authentication of invalid secret key.  I have a multiple times changed the secret key to match and still getting the same issue.  I thought that it was because the source interface being a L3 port-channel and changed it to a vlan interface with the same issue.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login noauth local

aaa authorization exec default group tacacs+ local

aaa authorization exec noauth local

aaa authorization console


ip tacacs source interface port-channel 1

tacacs-server timeout 5

tacacs-server host

tacacs-server key itsasecret

tacacs-server directed-request **must be a default command**

line con 0

login authentication noauth


line vty 0 15

login authentication default

Any help would be appreciated as I don't know if I am hitting a bug or not and searches have turned up nothing.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Wed, 05/05/2010 - 16:49

On ACS server, please check that you do not have a different secret key under NDG (Network Device Group) which is the likelihood of the error message that you are getting with regards to invalid secret key.

I looked into that and deleted whatever key was in there and made sure teh client had a proper key.  This gave me the same error so I deleted client to try again with the same results.  I also deleted the NDG and recreated a new one with no success.  Still getting the invalid key error within ACS's failed logs.


This Discussion

Related Content