Sep 032009

service password-encryption will not encrypt the tacacs-server key on most IOS 12.2 and below.

So be careful with copy&paste things like

tacacs-server key 7 120B0A02060E1E49392E273A3621315D091317

You have to enter your tacacs-server key in cleartext for a working tacacs setup.

tacacs-server key

Erroneous configuration may result in the following output of debug tacacs:

TPLUS: Queuing AAA Authentication request 199 for processing
TPLUS: processing authentication start request id 199
TPLUS: Authentication start packet created for 199()
TPLUS: Using server
TPLUS(000000C7): connected to server
TPLUS: response received for AAA request 199
TPLUS: received bad AUTHEN packet: length = 6, expected 66016
TPLUS: Invalid AUTHEN packet (check keys)

The 0 string and 7 string keyword and argument pairs were added in 12.3(2)T

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>