Cisco Support Community

Cisco Secure ACS v4.2 problem

Let me start off by saying I'm a novice, and my ACS was installed by someone else and the drive shipped to me.

The basic problem is that I can't get my Catalyst 3560 to authenticate through the Tacacs.

The ACS had the local loopback ( set as the aaa server.  I changed it to the IP ( of my Win Server 2008 box that it's installed on.  My 3560 is, which I configured in the TACACS as an aaa client.

When I log on to 3560, it just logs on local.  The Tacacs log shows failed attempts from (The local loopback of the 3560).  The error message is “unknown NAS”.  I get no successful logon attempts.  I added as an aaa client on the Tacacs, and the 3560 still logs on local, but I no longer get the failed attempt from

I have the same shared secret for aaa server and client on the Tacacs, as well as aaa host on the 3560.

I set my 3560 as follows:

aaa new-model

tacacs-server host

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

Can anyone shed some light on this?

Another question - Can I have the user account only on the Tacacs, or do I need a matching account on the 3560?


