Core issue

This issue is due to presence of Cisco bug ID CSCsd46369.

In this issue the packets sent by the router or switch contain the wrong IP source address, even though the configuraiton identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the AAA requests since they arrive with an unknown IP source address.

This issue is typically observerd on a 3845 that runs Cisco IOS  Software Release 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin).

The configuration included the line:

ip tacacs source-interface Loopback0

Resolution

The workaround for this issue is to configure entries for each IP address in use at each NAS on TACACS+ server.

In order to completely resolve this issue, upgrade the router to any of these software releases:

• Cisco IOS Software Release 12.4(8)
  
  
• Cisco IOS Software Release 12.4(9.9)
  
  
• Cisco IOS Software Release 12.4(9.6)T
  
  
• Cisco IOS Software Release 12.4(9.9)T
  
  
• Cisco IOS Software Release 12.4(07b)
  
  
• Cisco IOS Software Release 12.4(6)T03
  
  
• Cisco IOS Software Release 12.4(4)T04
  
  
• Cisco IOS Software Release 12.4(03f)
  
  
• Cisco IOS Software Release 12.4(9)T01

Use the Cisco IOS Upgrade Planner in order to download the suggested software images.