
Locked Out of Device (by SSH) 3011 invalid tacacs+ request packet - possibly mismatched shared secrets

parakiteiz
Level 1

I have a Nexus 5000 that I set up to use TACACS (Cisco's ACS 5.2). When I try to log on, the error I receive is 3011 invalid tacacs+ request packet - possibly mismatched shared secrets. Obviously I plugged in the wrong shared secret (more like a typo). Now it won't let me log in locally (with a local account).

I deleted the device for the Cisco ACS server and it is still trying to authenticate against the ACS server no matter what account I use. I have not tried to console in yet, but is that my best bet for getting logged on and fixing the config?

1 Reply 1

Preston Kilburn
Level 1

You have to do some funky stuff to authenticate on the Nexus equipment, if I recall correctly. You have to specify a role that the TACACS user is trying to use. If you Google "tacacs nexus" - I think it has something to do with the network-admin role.

Also - make sure that you're setting the right IP address as the tacacs source - it may be referencing another IP it has decided to use for tacacs.
