09-14-2005 12:50 PM
I have a pair of ACS Servers set up. I can set up my 3750's to authenticate to the servers, however I can't get my 6500's to. This is the output from my debugs.
001589: Sep 14 15:16:54: TAC+: Using default tacacs server-group "tacacs+" list.
001590: Sep 14 15:16:54: TAC+: Opening TCP/IP to 10.36.11.30/49 timeout=5
001591: Sep 14 15:16:54: TAC+: Opened TCP/IP handle 0x4525CEF8 to 10.36.11.30/49
001592: Sep 14 15:16:54: TAC+: 10.36.11.30 (1985811061) AUTHEN/START/LOGIN/ASCII queued
001593: Sep 14 15:16:54: TAC+: (1985811061) AUTHEN/START/LOGIN/ASCII processed
001594: Sep 14 15:16:54: TAC+: received bad AUTHEN packet: type = 0, expected 1
001595: Sep 14 15:16:54: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys)
I have checked the config several times. I believe it is correct. Any idea? HELP!
03-16-2006 06:28 AM
Hi, I am having a similar problem with a SAN switch 9216i. I am getting the key mismatch on the ACS Server (3.2) when I try to log into the switch. I have confirmed the key is correct on the SAN switch and the ACS Server. When I try to enter the key as clear text using the 0 value, the switch encrypts the key anyway, so although I have typed and retyped the password, I can't physically see it when it is on the switch. The config seems pretty basic for the SAN switch. Here is what I typed in:
tacacs+ enable
tacacs-server timeout 30
tacacs-server key 0 password
tacacs-server host 10.10.10.1
I am using SAN OS version 2.1(1b).
Anybody else seen this before?
03-16-2006 08:43 AM
What I did was specify the interface to use. So I know what IP to configure on the ACS.
I added this command to the switch config.
ip tacacs source-interface Loopback0
03-16-2006 08:45 AM
Brian
I am not very familiar with the SAN switch, so I can not say if it is common. I would suggest that you try typing the tacacs-server key command without the 0, so just type tacacs-server key
Try it and let us know what happens.
HTH
Rick
03-20-2006 12:57 AM
Thanks for the replies, I actually got it working by accident. That key error seemed to be a bit of a red herring, because as soon as I added the line aaa authentication login default group ACS, it started to work!
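Background on the "(check keys)" hint in the debug output at the top of the thread, as an added example that is not part of any post: TACACS+ hides the packet body by XORing it with an MD5-chained pad derived from the shared key (RFC 8907, section 4.5), so a receiver holding a different key decodes garbage whose length fields no longer add up. The key strings and the reply contents below are constructed, and treating the number in parentheses in the debug lines as the session id is an assumption.

```python
import hashlib
import struct

# Constructed sample values; the session id is assumed to be the number
# shown in parentheses in the debug output.
SESSION_ID = 1985811061
ACS_KEY = b"key-on-acs"
SWITCH_KEY = b"key-on-switch"   # deliberately different from ACS_KEY


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(body, session_id, key, version=0xC0, seq_no=2):
    """Obfuscation and de-obfuscation are the same XOR operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_reply(status, server_msg):
    """Body layout: status, flags, server_msg_len, data_len, server_msg."""
    return struct.pack("!BBHH", status, 0, len(server_msg), 0) + server_msg


def reply_lengths_consistent(body):
    """Receiver-side check: declared field lengths must sum to the body length."""
    if len(body) < 6:
        return False
    _, _, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    return 6 + msg_len + data_len == len(body)


def demo():
    clear = build_authen_reply(0x05, b"Password: ")   # 0x05 = GETPASS
    wire = xor_body(clear, SESSION_ID, ACS_KEY)       # what the server sends
    same_key = xor_body(wire, SESSION_ID, ACS_KEY)    # device has matching key
    other_key = xor_body(wire, SESSION_ID, SWITCH_KEY)
    return (same_key == clear,
            reply_lengths_consistent(same_key),
            reply_lengths_consistent(other_key))


if __name__ == "__main__":
    print(demo())
```

The same failure appears when the server has the device registered under a different source address with a different key, which is why pinning the source interface, as one reply does, makes the pairing predictable.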