09-19-2011 08:17 AM - edited 03-07-2019 02:18 AM
I seem to be getting this error every two minutes or so. Everything on the switch works ok, including tacacs (I can log onto the switch using my ACS account) so I don't see why I'm getting this error?
Can anyone assist?
09-19-2011 08:31 AM
What code are you running?
Do you have no ip domain-lookup configured?
Regards,
jerry
09-20-2011 01:26 AM
We're running version 5.1.1.
We have "ip domain-lookup" configured. I believe there is an unspecified bug which means you cannot do a "copy run start" if you have "no ip domain-lookup" and no domain specified.
09-20-2011 02:43 AM
Hi James,
If you issue the test aaa command does it return an error, and if so what is that error?
09-20-2011 02:50 AM
No errors are returned -
DS0102# test aaa server tacacs+ 10.184.100.45 0355414 ######## user has been authenticated
DS0102# test aaa group LTSB 0355414 ####### user has been authenticated
09-20-2011 03:42 AM
Have you configured shared keys for the TACACS?
09-20-2011 04:51 AM
Hi James,
You are hitting CSCtj83417 bug with this behaviour. This is fixed in 5.2(1) release posted on CCO.
HTH,
-amit singh
09-20-2011 06:45 AM
Amit, The only possible reason that it is hitting CSCtj83417 bug is ip domain lookup is configured after TACACS is enabled and configured. Otherwise, it doesn't match the condiction in the bug.
James, you are running a very bad code 5.1.1. You should upgrade it to 5.1.4 or so. If you are indeed hitting CSCtj83417, you can try a system switchover to see that goes away.
Regards,
jerry
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: