Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3015
Views
0
Helpful
1
Comments

The TACACS+ server rejects AAA requests sent by a router running Cisco IOS version 12.4

TCC_2
Level 10
Level 10

‎06-22-2009 04:47 PM - edited ‎02-21-2020 09:55 PM

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsd46369.

The TACACS+ packets sent by the router or switch to the TACACS+ server contain the wrong IP source address. This occurs even though the configuration identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the Authentication, Authorization, and Accounting (AAA) requests because they arrive with an unknown IP source address.

This issue is observed on a Cisco 3845 router running Cisco IOS  Software 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin). Refer to All Affected Versions for other Cisco IOS versions affected by this bug.

Resolution

As a workaround, perform one of these steps:

  • Configure entries for each IP address in use at each Network Attached Storage (NAS) on the TACACS+ server.

  • Download and upgrade the Cisco IOS to any of these versions:

  • 12.4(8)

  • 12.4(9.9)

  • 12.4(9.6)T

  • 12.4(9.9)T

  • 12.4(07b)

  • 12.4(6)T03

Labels:
0 Helpful
Comments
Kevin Morales
Level 1
Level 1
‎11-29-2009 06:15 AM

hello.

configure a interface loopback and use the command ip tacacs source-interface loopback 0.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents