Per-VRF TACACS config gets "Address already in use" error

artegall1 · ‎03-11-2008

I have created a per-VRF TACACS config on a couple of network devices. I can ping the ACS servers through the VRF. TACACS makes the attempt to contact the servers, but the following message shows up in the log when I debug TACACS:

*Mar 11 08:57:38 starts: TAC+: Opening TCP/IP to x.x.x.x/49 timeout=5

*Mar 11 08:57:38 starts: TAC+: TCP/IP open to x.x.x.x/49 failed -- Address already in use

I can't find anything on CCO that references the "Address already in use" message.

Has anyone run into this?

artegall1 · ‎03-11-2008

FYI: If anyone else runs into this, it's a known bug. The bug ID is CSCsl45701. The workaround is to use a source-interface in the global table. The URL for the bug is:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl45701

g-hopkinson · ‎03-26-2008

Hi,

I have a similar issue, but the server group configuartion also goes missing. This is on a 6500 running 12.2.33SXH. Did your server group go missing from the running config?

Thanks.

artegall1 · ‎03-26-2008

Hmmm...no, the server group is still there. Did you see the other post which describes the bug ID? The link to the bug is:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl45701

Do you get the IP address is in use log message?

g-hopkinson · ‎03-27-2008

Hi,

Saw the bug, we get address in use message, but that seems to be due to the aaa group missing.

sam.crooks · ‎04-14-2008

we ran into it on modular IOS 12.2(33)SXH1

we found that if we reverted to non-modular IOS 12.2(33)SXH1, the issue was resolved and we had no issues.

artegall1 · ‎04-14-2008

That is very good news; I will give it a shot. Thanks for the post.