My customer has many 3560 switches configured with TACACS and several have no servers under the aaa group server tacacs+ xxxxxxxx command in running config but they are there in the startup config.
Some switches do not have them in either config but no one has removed them.
On one of the switches without the servers listed the switch is still going to the TACACS server as shown in a debug TACACS.
TAC+: using previously set server 172.20.1.40 from group xxxxxxx
Can anyone say why these lines maybe missing from the config as if you write memory then the startup will not have the commands as it writes running config to startup config and the customer mistakenly did this.
How on earth does it still see the servers when not configured as when it uses the method list it refers to the TACACS group xxxxxx which has no servers so should error (not fail) then step onto the next method? It goes direct to the TACACS server.
Would the no parser cache command be of use as the configs are not that large?
Any help appreciated. There is authorization and accounting and nothing anywhere shows any change to the configs of all these devices.