acs 4.0 tacacs+ key

faxfan2002
Level 1

Hi,

I am trying to use an ACS appliance for switch TACACS+ authen. I'm getting a key mismatch, however I don't actually remember setting a key for TACACS on the ACS appliance. How do I reset / find out where this is set??

Thanks.

Accepted Solutions

a.kiprawih
Level 7

1. ACS side:

- Login to the ACS via web browser

- On ACS main menu, check the switch configuration status (called AAA Client) under "Network Configuration - AAA Client".

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080233613.html#wp142681

- Check the switch details, and check the stated secret key. You may re-enter the same key or define a new key (without extra space or characters).

- Compare or use this key in the switch, which is configured under "tacacs-server" parameter.

- Save the config

2. Switch

- Login to the switch CLI (console/telnet/ssh)

- Scroll down to the 'tacacs-server key' configuration line.

http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f032.html#xtocid238207

- Delete the existing key (normally hash/encrypted). Enter the same key - without extra space or characters.

- Make sure you're pointing to the correct ACS Server/IP

- Do not save the config yet. Test the tacacs+/AAA authentication to verify that both ACS server and the switch use the correct/identical key.

Hope this helps. Pls rate all useful post(s)

AK
