
ACS config

ppellettiere
Level 1

I have a pair of ACS Servers setup. I can setup my 3750's to authenticate to the servers, however I can't get my 6500's to. This is the output from my debugs.

001589: Sep 14 15:16:54: TAC+: Using default tacacs server-group "tacacs+" list.

001590: Sep 14 15:16:54: TAC+: Opening TCP/IP to 10.36.11.30/49 timeout=5

001591: Sep 14 15:16:54: TAC+: Opened TCP/IP handle 0x4525CEF8 to 10.36.11.30/49

001592: Sep 14 15:16:54: TAC+: 10.36.11.30 (1985811061) AUTHEN/START/LOGIN/ASCII queued

001593: Sep 14 15:16:54: TAC+: (1985811061) AUTHEN/START/LOGIN/ASCII processed

001594: Sep 14 15:16:54: TAC+: received bad AUTHEN packet: type = 0, expected 1

001595: Sep 14 15:16:54: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys)

I have checked the config several times. I believe it is correct. Any idea? HELP!

18 Replies

Hi, I am having a similar problem with a SAN switch 9216i. I am getting the key mismatch on the ACS Server (3.2) when I try to log into the switch. I have confirmed the key is correct on the SAN switch and the ACS Server. When I try to enter the key as clear text using the 0 value, the switch encrypts the key anyway, so although I have typed and retyped the password, I can't physically see it when it is on the switch. The config seems pretty basic for the SAN switch. Here is what I typed in:

tacacs+ enable

tacacs-server timeout 30

tacacs-server key 0 password

tacacs-server host 10.10.10.1

I am using SAN OS version 2.1(1b).

Anybody else seen this before?

What I did was specify the interface to use, so I know what IP to configure on the ACS.

I added this command to the switch config.

ip tacacs source-interface Loopback0

Brian

I am not very familiar with the SAN switch, so I can not say if it is common. I would suggest that you try typing the tacacs-server key command without the 0, so just type tacacs-server key

Try it and let us know what happens.

HTH

Rick


Thanks for the replies, I actually got it working by accident. That key error seemed to be a bit of a red-herring because as soon as I added the line aaa authentication login default group ACS, it started to work!
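Added example, not part of the thread and not Cisco's code: a sketch of the TACACS+ body obfuscation from RFC 8907, showing why a shared-key mismatch surfaces as a malformed-packet error like the "(check keys)" line in the debug output above. The key values and the reply body are constructed, and the number in parentheses in the debug output is assumed to be the session id.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5_1 = MD5(session_id|key|version|seq_no); MD5_n also appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; calling it again with the same inputs reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def parse_authen_reply(body):
    """Parse an authentication REPLY body; None when the length fields are inconsistent."""
    if len(body) < 6:
        return None
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if 6 + msg_len + data_len != len(body):
        return None
    return {"status": status, "server_msg": body[6:6 + msg_len]}

def demo():
    session_id = 1985811061       # number in parentheses in the debug output (assumed session id)
    version, seq_no = 0xC0, 2     # default version; the first server reply is sequence 2
    server_key = b"password"      # constructed sample key held by the server
    device_key = b"Password"      # constructed mismatch on the device
    msg = b"Username: "
    reply = struct.pack("!BBHH", 0x04, 0, len(msg), 0) + msg   # status 0x04 = GETUSER
    wire = obfuscate(reply, session_id, server_key, version, seq_no)
    good = parse_authen_reply(obfuscate(wire, session_id, server_key, version, seq_no))
    bad = parse_authen_reply(obfuscate(wire, session_id, device_key, version, seq_no))
    return good, bad

if __name__ == "__main__":
    good, bad = demo()
    print("matching key  :", good)
    print("mismatched key:", bad)
```

The server chooses the key from the client entry that matches the packet's source address, so a source interface the server does not know produces the same symptom as a mistyped key.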
