Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
4
Replies

Deleted tacacs servers after reload

g-hopkinson
Level 1
Level 1

‎11-12-2007 04:11 AM - edited ‎03-05-2019 07:22 PM

Hi,

I have a 3550 running 12.2(40)SE, if I configure "aaa group server tacacs test" and add a server, it is removed after a reload. Its ok with radius.

Its ok running 12.2.(25)SEE4.

Anyone seen this issue and why?

Thanks.

Gary

Labels:
0 Helpful
4 Replies 4

wdrootz
Level 4
Level 4

‎11-16-2007 10:19 AM

Make sure you save the running-config to startup-config, before reloading the switch. After reloading check if the commands are present in the startup-config. If they are present, then the new IOS release may not be compatible with the AAA commands. Verify if there is any change in syntax for the command in the new release.

0 Helpful

g-hopkinson
Level 1
Level 1
In response to wdrootz

‎11-18-2007 12:16 PM

Thanks.

what I have done recently is to erase the config and reload the box, add a basic ip address and tftp the config back. I now get the errors below. I am guessing that the tacacs-server commands being lower down in the configuration are being parsed later than the server group commands. The tacacs-server commands are required before adding servers into the server group.

I will also check the startup config as well, however you can add the commands, and in radius config as well which works.

thanks.

00:03:15: %AAAA-4-NOSERVER: Warning: Server 192.168.185.25 is not defined.

00:03:15: %AAAA-4-NOSERVER: Warning: Server 192.168.185.25 is not defined.

00:03:15: %AAAA-4-NOSERVER: Warning: Server 192.168.185.26 is not defined.

00:03:15: %AAAA-4-NOSERVER: Warning: Server 192.168.185.26 is not defined.

0 Helpful

andrew.butterworth
Level 7
Level 7
In response to g-hopkinson

‎11-19-2007 04:34 AM

Yes, you get that message if you define the group first before the servers are added in global config. It is the same for Radius. It is a bit odd as in the configuration file (or show run) the server groups appear before the individual servers, which are towards the end.

I have 12.2(40)SE on a 3550 but I only have some Radius Servers defined. I'll add some TACACS+ Servers and reload it and see what happens...

EDIT: I have just tried this and you are correct.... The servers in the group are removed following a reboot. They do remain in global configuration though.

I added:

tacacs-server host 10.1.1.1 key cisco

aaa group server tacacs+ TACACS-Servers

server 10.1.1.1

I then saved the config and rebooted and only this was left:

tacacs-server host 10.1.1.1 key cisco

aaa group server tacacs+ TACACS-Servers

I think this is probably a bug. Raise a TAC case.

Andy

0 Helpful

g-hopkinson
Level 1
Level 1
In response to andrew.butterworth

‎11-19-2007 01:50 PM

Andy,

I have a TAC case open, but its being handled with Cisco's lightening speed I have come to loath.

Regarding the same upgrade I am getting info on failing to fall back to enable password if connectivity to Tacacs servers are lost.

Will keep you posted.

Thanks.

Gary.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card