Cisco Support Community

New Member

Locked Out of Device (by SSH) 3011 invalid tacacs+ request packet - possibly mismatched shared secrets

I have a Nexus 5000 that I set up to use TACACS (Cisco ACS 5.2). When I try to log on, the error I receive is "3011 invalid tacacs+ request packet - possibly mismatched shared secrets". Obviously I plugged in the wrong shared secret (more like a typo). Now it won't let me log in locally (with a local account).

I deleted the device from the Cisco ACS server and it is still trying to authenticate against the ACS server no matter what account I use. I have not tried to console in yet, but is that my best bet for getting logged on and fixing the config?



New Member


You have to do some funky stuff to authenticate on the Nexus equipment, if I recall correctly. You have to specify a role that the TACACS user is trying to use. If you Google "tacacs nexus" - I think it has something to do with the network-admin role.

Also - make sure that you're setting the right IP address as the TACACS source - it may be referencing another IP it has decided to use for TACACS.
