Cisco Support Community
Community Member

TACACS login problem on ACS 4.0

I configured the ACS box with a LAN infrastructure client including the correct client IP addresses of the devices, a key and set to authenticate using TACACS+. I configured a test user in the local ACS Internal database. I then configured a switch with the ACS IP address and the correct key. When I then try to log in to the switch it fails and the following is logged in the ACS failed attempts log:

08/29/2007 11:39:22 Authen failed .. Default Group .. (Default) Key Mismatch .. .. .. x.x.x.x.. .. .. .. .. LAN-Switches LAN-Infrastructure

I have triple checked that the keys are correct and yet the reason listed for failure is a key mismatch. I don't know if I've got something wrong in the config or if there is a bug.

Cisco switch config:

aaa new-model

aaa authentication attempts login 5

aaa authentication login default group tacacs+ local

aaa authentication login console local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization commands 15 no_tacacs none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

tacacs-server host x.x.x.x

no tacacs-server directed-request

tacacs-server key xxx

radius-server source-ports 1645-1646

ACS version:

CiscoSecure ACS

Release 4.0(1) Build 44

What could be wrong?

1 ACCEPTED SOLUTION

Re: TACACS login problem on ACS 4.0

Please check,

ACS--->Network configuration----> NDG (where you have this switch) ----> Edit Properties----> Remove key.

NDG key overwrites aaa client key.

Regards

~JG

3 REPLIES

Community Member

Re: TACACS login problem on ACS 4.0

JG, Many thanks. The issue has been resolved now.

Thanks

Community Member

Re: TACACS login problem on ACS 4.0

Thanks jgambhir,

This solved a problem that I was having authenticating Management Access on a WLC4402 controller to an ACS 4.1. My NDG contained the same password that I used for my router devices, and this was my first non-router device.

Regards,

Charlie
