Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA failures on 3750G running ADVIPServ 12.2(53) SE

I am just banging my head on the wall and I can seem to figure it out.  I am trying to configure my 3750G stack to authenticate to my ACS 4.2 server.  The configuration is fine and when I look at the debugs I am getting from the switch that it selected the default profile and that is the extent of the log.  On the server I am getting a failed authentication of invalid secret key.  I have a multiple times changed the secret key to match and still getting the same issue.  I thought that it was because the source interface being a L3 port-channel and changed it to a vlan interface with the same issue.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login noauth local

aaa authorization exec default group tacacs+ local

aaa authorization exec noauth local

aaa authorization console

!

ip tacacs source interface port-channel 1

tacacs-server timeout 5

tacacs-server host 10.224.1.181

tacacs-server key itsasecret

tacacs-server directed-request **must be a default command**

line con 0

login authentication noauth

!

line vty 0 15

login authentication default

Any help would be appreciated as I don't know if I am hitting a bug or not and searches have turned up nothing.

Regards,

Karim

Everyone's tags (4)
2 REPLIES
Cisco Employee

Re: AAA failures on 3750G running ADVIPServ 12.2(53) SE

On ACS server, please check that you do not have a different secret key under NDG (Network Device Group) which is the likelihood of the error message that you are getting with regards to invalid secret key.

New Member

Re: AAA failures on 3750G running ADVIPServ 12.2(53) SE

I looked into that and deleted whatever key was in there and made sure teh client had a proper key.  This gave me the same error so I deleted client to try again with the same results.  I also deleted the NDG and recreated a new one with no success.  Still getting the invalid key error within ACS's failed logs.

513
Views
0
Helpful
2
Replies
CreatePlease to create content