Mar 15

Cisco MDS 9000 Key Mismatch Error for SAN-OS Version 3.1 – AAA Config

Though 3.1 is quite old version but still maybe in use on Fabric Switches somewhere on your network. While configuring AAA on these switches you specify Shared Secret key which matches with what you had configured on your ACS / Radius Server. The product documentation states that you can any secret key within certain length and can contain signs including ‘$’ and ‘%’.  However, you need to be careful what key to select because it doesn’t like ‘\’ or some other signs. So, for example you setup shared secret on ACS and Switch as ‘cisco\’  it will now work and if you check ACS logs, in failed attempts, it will show ‘Key Mismatch’ error for this switch. All you need to do is to change the secret key to ‘cisco124’ or something else which doesn’t include ‘\’ sign.  Now some other signs or symbols might effect it as well. Now, as I had came across which this particular  Version details for the switch found with issue

9124# sh version
Cisco Storage Area Networking Operating System (SAN-OS) Software
——Output Omitted——-

BIOS:      version 1.0.0
kickstart: version 3.1(2a)
system:    version 3.1(2a)

BIOS compile time:       10/04/06
kickstart image file is: bootflash:/m9100-s2ek9-kickstart-mz.3.1.2a.bin
kickstart compile time:  2/7/2007 14:00:00 [02/10/2007 04:16:35]
system image file is:    bootflash:/m9100-s2ek9-mz.3.1.2a.bin
system compile time:     2/7/2007 14:00:00 [02/10/2007 04:32:50]


Here is another post which details AAA config on Cisco MDS 9000 Series Switches


Leave a Reply

%d bloggers like this: