Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

The TACACS+ server rejects AAA requests sent by a router running Cisco IOS version 12.4

Core issue

This issue occurs due to the presence of Cisco bug ID CSCsd46369.

The TACACS+ packets sent by the router or switch to the TACACS+ server contain the wrong IP source address. This occurs even though the configuration identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the Authentication, Authorization, and Accounting (AAA) requests because they arrive with an unknown IP source address.

This issue is observed on a Cisco 3845 router running Cisco IOS  Software 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin). Refer to All Affected Versions for other Cisco IOS versions affected by this bug.


As a workaround, perform one of these steps:

  • Configure entries for each IP address in use at each Network Attached Storage (NAS) on the TACACS+ server.

  • Download and upgrade the Cisco IOS to any of these versions:

  • 12.4(8)

  • 12.4(9.9)

  • 12.4(9.6)T

  • 12.4(9.9)T

  • 12.4(07b)

  • 12.4(6)T03

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:47 PM
Updated by:
Labels (1)
New Member


configure a interface loopback and use the command ip tacacs source-interface loopback 0.