Cisco Support Community

acs 4.0 tacacs+ key

Hi,

I am trying to use an ACS appliance for switch TACACS+ authentication. I'm getting a key mismatch, however I don't actually remember setting a key for TACACS on the ACS appliance. How do I reset / find out where this is set?

Thanks.

Accepted Solutions

Re: acs 4.0 tacacs+ key

1. ACS side:

- Login to the ACS via web browser

- On ACS main menu, check the switch configuration status (called AAA Client) under "Network Configuration - AAA Client".

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080233613.html#wp142681

- Check the switch details, and check the stated secret key. You may re-enter the same key or define a new key (without extra spaces or characters).

- Compare or use this key in the switch, which is configured under "tacacs-server" parameter.

- Save the config

2. Switch

- Login to the switch CLI (console/telnet/ssh)

- Scroll down to the 'tacacs-server key' configuration line.

http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f032.html#xtocid238207

- Delete the existing key (normally hash/encrypted). Enter the same key - without extra spaces or characters.

- Make sure you're pointing to the correct ACS Server/IP

- Do not save the config yet. Test the tacacs+/AAA authentication to verify that both ACS server and the switch used correct/identical key.

Hope this helps. Pls rate all useful post(s)

AK
