
acs 4.0 tacacs+ key

faxfan2002
Level 1

Hi,

I am trying to use an ACS appliance for switch TACACS+ authen. I'm getting a key mismatch, however I don't actually remember setting a key for TACACS on the ACS appliance. How do I reset / find out where this is set?

Thanks.

Accepted Solutions

a.kiprawih
Level 7

1. ACS side:

- Log in to the ACS via web browser

- On ACS main menu, check the switch configuration status (called AAA Client) under "Network Configuration - AAA Client".

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080233613.html#wp142681

- Check the switch details, and check the stated secret key. You may re-enter the same key or define a new key (without extra spaces or characters).

- Compare or use this key in the switch, which is configured under "tacacs-server" parameter.

- Save the config

2. Switch

- Log in to the switch CLI (console/telnet/ssh)

- Scroll down to the 'tacacs-server key' configuration line.

http://www.cisco.com/en/US/products/hw/switches/ps637/products_configuration_guide_chapter09186a008007f032.html#xtocid238207

- Delete the existing key (normally hash/encrypted). Enter the same key - without extra spaces or characters.

- Make sure you're pointing to the correct ACS Server/IP

- Do not save the config yet. Test the tacacs+/AAA authentication to verify that both the ACS server and the switch use the correct/identical key.

Hope this helps. Pls rate all useful post(s)

AK
