Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond" error.

I seem to be getting this error every two minutes or so. Everything on the switch works ok, including tacacs (I can log onto the switch using my ACS account) so I don't see why I'm getting this error?

Can anyone assist?

7 REPLIES
Cisco Employee

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

What code are you running?

Do you have no ip domain-lookup configured?

Regards,

jerry

New Member

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

We're running version 5.1.1.

We have "ip domain-lookup" configured. I believe there is an unspecified bug which means you cannot do a "copy run start" if you have "no ip domain-lookup" and no domain specified.

VIP Green

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

Hi James,

If you issue the test aaa command does it return an error, and if so what is that error?

-- Please remember to rate and select a correct answer
New Member

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

No errors are returned -

DS0102# test aaa server tacacs+ 10.184.100.45 0355414 ######## user has been authenticated

DS0102# test aaa group LTSB 0355414 ####### user has been authenticated

VIP Green

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

Have you configured shared keys for the TACACS?

-- Please remember to rate and select a correct answer
Cisco Employee

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

Hi James,

You are hitting CSCtj83417 bug with this behaviour. This is fixed in 5.2(1) release posted on CCO.

HTH,

-amit singh

Cisco Employee

Re: Nexus 7K Switch is displaying "%TACACS-3-TACACS_ERROR_MESSAG

Amit, The only possible reason that it is hitting CSCtj83417 bug is ip domain lookup is configured after TACACS is enabled and configured. Otherwise, it doesn't match the condiction in the bug.

James, you are running a very bad code 5.1.1. You should upgrade it to 5.1.4 or so. If you are indeed hitting CSCtj83417, you can try a system switchover to see that goes away.

Regards,

jerry

3024
Views
0
Helpful
7
Replies