Cisco Support Community

New Member

TACACS does not function on Nexus 5000

Dear

For some reason, TACACS does not work on my Nexus 5000.

These are the settings:


feature tacacs+

logging level tacacs 5

tacacs-server key 7 "clave"

ip tacacs source-interface Vlanx

tacacs-server host x.x.x.x                          >>> TACACS+ works with this host

tacacs-server host x.x.x.x key 7 "clave"  >>> TACACS+ does not work with this host

aaa group server tacacs+ TACSERVER

    server x.x.x.x

    server x.x.x.x

    source-interface Vlanx

!

aaa authentication login default group TACSERVER

aaa authentication login error-enable

tacacs-server directed-request

These are the tests I've done to validate the configuration without success:

Nexus# test aaa server tacacs+ x.x.x.x user pass

error authenticating to server

7

Nexus# 2013 Aug  6 12:45:38 NITE4 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from x.x.x.x

NITE4# test aaa group TACSERVER user pass

user has failed authentication

The strange thing is that the other configured host runs smoothly.

The TACACS+ application is on a Linux server and has the following version:

tac_plus  version F5.0.0a1

The problem is very strange.

I need help.

Best regards

1 REPLY
Cisco Employee


Hi Sergio,

It sounds like a shared secret mismatch between your server and the device. Since TACACS+ encrypts the entire packet, if the shared secret is off then each device receives garble for their "communication".

I would check to make sure the shared secrets match. What could be the issue is the command

tacacs-server host x.x.x.x key 7 "clave" 

The 'key 7' bit indicates that a previously hashed password will be put here. I would use the

tacacs-server host x.x.x.x key 0 clave

If clave is your shared secret.
