The TACACS+ server rejects AAA requests sent by a router running Cisco IOS version 12.4


Jun 22, 2009 4:47 PM

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsd46369.

The TACACS+ packets sent by the router or switch to the TACACS+ server contain the wrong IP source address. This occurs even though the configuration identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the Authentication, Authorization, and Accounting (AAA) requests because they arrive with an unknown IP source address.

This issue is observed on a Cisco 3845 router running Cisco IOS Software 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin). Refer to All Affected Versions for other Cisco IOS versions affected by this bug.


As a workaround, perform one of these steps:

  • On the TACACS+ server, configure an entry for each IP address in use on each Network Access Server (NAS).

  • Download and upgrade the Cisco IOS to any of these versions:

      • 12.4(8)

      • 12.4(9.9)

      • 12.4(9.6)T

      • 12.4(9.9)T

      • 12.4(07b)

      • 12.4(6)T03
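
For the first workaround, the addresses to register on the TACACS+ server can be enumerated from the device configuration. The Python sketch below is an added example, not part of the original document or any Cisco tool; the sample configuration is constructed, the function name `audit_tacacs_source` is hypothetical, and it assumes any configured interface address may appear as the source while the bug is present.

```python
import ipaddress
import re

# Constructed sample running-config (not taken from the original document).
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip address 198.51.100.129 255.255.255.128 secondary
!
ip tacacs source-interface Loopback0
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
ADDR_RE = re.compile(r"^\s+ip address\s+(\d+\.\d+\.\d+\.\d+)\s")
SRC_RE = re.compile(r"^ip tacacs source-interface\s+(\S+)\s*(\d\S*)?", re.I)

def audit_tacacs_source(config):
    """Return (source_interface, intended_ips, other_local_ips)."""
    addrs = {}       # interface name -> IPv4 addresses configured on it
    current = None   # interface block currently being parsed
    source = None    # interface named by 'ip tacacs source-interface'
    for line in config.splitlines():
        if m := IFACE_RE.match(line):
            current = m.group(1)
            addrs.setdefault(current, [])
        elif line and not line[0].isspace():
            current = None   # any other top-level line ends the block
            if m := SRC_RE.match(line):
                # Accept both 'Loopback0' and 'loopback 0' spellings.
                source = m.group(1) + (m.group(2) or "")
        elif current and (m := ADDR_RE.match(line)):
            addrs[current].append(str(ipaddress.IPv4Address(m.group(1))))
    names = {n.lower(): n for n in addrs}
    intended = addrs.get(names.get((source or "").lower(), ""), [])
    all_ips = sorted({ip for ips in addrs.values() for ip in ips},
                     key=ipaddress.IPv4Address)
    # Addresses the server would otherwise see as unknown clients.
    others = [ip for ip in all_ips if ip not in intended]
    return source, intended, others

if __name__ == "__main__":
    src, intended, others = audit_tacacs_source(SAMPLE_CONFIG)
    print(f"source-interface: {src or 'NOT CONFIGURED'} -> {intended}")
    print("also register on the TACACS+ server:", ", ".join(others))
```

An empty `intended` list means the source interface is missing or has no address, in which case every listed address needs an entry on the server.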



Kevin Morales Sun, 11/29/2009 - 06:15


Configure an interface loopback and use the command ip tacacs source-interface loopback 0.

