C2960 12.2(55)SE7 Tacacs, high CPU

Simen Ringstad
Level 1

I'm having problems with the 12.2(55)SE7 software when using Tacacs. It seems the CPU load is so high I am not able to log on to the switch. When I change the config, via SNMP, to use the local user database I can log on, but the CPU load is still very high. Some switches won't let me log in even if I change the AAA config.

Reverting to 12.2(55)SE5 makes this problem go away, but the catch is - these switches are in remote locations and reloading them doesn't work either. They have to be power-cycled. The switch accepts the reload command, but doesn't reload. Trying the reload command again gives the following output:

hostname#reload

%Reload in progress

This issue is pretty annoying as switches are shipped with 12.2(55)SE7 and the people deploying them don't have the knowledge to swap IOS and if they did it would cost us a lot of money.

Any help on this would be greatly appreciated.

original tacacs config:

aaa authentication login default group tacacs+ local

aaa authentication login no_tacacs enable

aaa authorization exec default group tacacs+ if-authenticated

tacacs config that allows me to log in:

aaa authentication login default local

aaa authorization exec default local

show version:

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 26    WS-C2960-24TT-L    12.2(55)SE7           C2960-LANBASEK9-M

hostname#sh processes cpu | inc TPLUS

225   747057978  29683876      25167 91.69% 92.28% 91.03%   0 TPLUS


Accepted Solutions

Richard Primm
Cisco Employee

You may be hitting CSCth68274 which was duped to CSCtf23298.

You could try changing the config from

tacacs-server host x.x.x.x single-connection

tacacs-server host x.x.x.x single-connection

to

tacacs-server host x.x.x.x

tacacs-server host x.x.x.x

Hope that helps

Luke
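
A fleet-side check for the symptom pair in this thread (the TPLUS process pegging the CPU while tacacs-server host lines carry single-connection), as an added example that is not part of the original posts and not Cisco code. The function names, the 50% threshold and the 192.0.2.x sample config are assumptions; the CPU row is the one posted in the question.

```python
import re

# "tacacs-server host <addr> [options...]" as it appears in a running-config dump.
HOST_RE = re.compile(r"^\s*tacacs-server host (\S+)(.*)$")
# "show processes cpu" row: PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
CPU_RE = re.compile(
    r"^\s*\d+\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+\d+\s+TPLUS\s*$")


def single_connection_hosts(config_text):
    """Return (line_number, host, replacement_line) for each host line using single-connection."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = HOST_RE.match(line)
        if m and "single-connection" in m.group(2).split():
            kept = [w for w in m.group(2).split() if w != "single-connection"]
            hits.append((n, m.group(1), " ".join(["tacacs-server host", m.group(1)] + kept)))
    return hits


def tplus_cpu(show_output):
    """Return (5sec, 1min, 5min) CPU percentages for the TPLUS process, or None if absent."""
    for line in show_output.splitlines():
        m = CPU_RE.match(line)
        if m:
            return tuple(float(x) for x in m.groups())
    return None


def triage(config_text, show_output, threshold=50.0):
    """Flag a switch matching the thread: TPLUS busy (5-min average) and single-connection set."""
    cpu = tplus_cpu(show_output)
    hosts = single_connection_hosts(config_text)
    busy = cpu is not None and cpu[2] >= threshold  # threshold is an assumed cut-off
    return {"tplus_cpu": cpu, "hosts": hosts, "matches_thread": busy and bool(hosts)}


# Constructed config using 192.0.2.0/24 documentation addresses.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.10 single-connection
tacacs-server host 192.0.2.11 single-connection timeout 5
tacacs-server host 192.0.2.12
"""
# CPU row as posted in the question above.
SAMPLE_CPU = "225   747057978  29683876      25167 91.69% 92.28% 91.03%   0 TPLUS"

if __name__ == "__main__":
    result = triage(SAMPLE_CONFIG, SAMPLE_CPU)
    print(result["tplus_cpu"], result["matches_thread"])
    for n, host, fix in result["hosts"]:
        print(f"line {n}: {host} -> {fix}")
```

The replacement line keeps every other option on the host entry and drops only the single-connection keyword, which is the change suggested in the answer above.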

That helped tremendously!

Thanks, Luke/Richard..

Best regards

Simen Ringstad

Hi, I am facing the same issue. We removed the single-connection command, but the issue remains.

Do I need to reload the switch after removing it, or do I have to wait for some time?

Thanks, Anas *--* Please rate the useful post, it's free ;) *--*

Hi, I am using a C2960S-PS-L currently running IOS version 12.2(55)SE7 and I would like to upgrade to IOS version 15.2(2)E9. Is that version supported or not?
