We have detected an extrange behaviour in the above IOS version, we've a 1721 router in order to permit remote access to our network, and it was runnning the following IOS: "c1700-k9o3sy7-mz.123-19.bin". This IOS don't support a 4 FastEthernet WIC, then we updated to the "c1700-k9o3sy7-mz.124-1c.bin" version to get that feature, everything looked fine, the hardware was recognized but suddenly nobody was able to authenticate via SSH with the TACACS server... we spent all day troubbleshooting the issue, but no way, the only solution was downgrade to the later IOS...
Am I correct in understanding your post to be that TACACS worked ok when running 12.3(19) and did not work when running 12.4(1c)? I am not aware of anything in 12.4 that prevents TACACS or changes it significantly. Did anything else change in the router?
It would be very helpful to know what the TACACS server was reporting about the attempt to authenticate? Was the TACACS server generating error messages in the failed attempts log? What were the error messages?
Is it possible that in adding the 4 FastEthernet WIC that addressing changed and the TACACS request is now coming from a different source address? Does your config include the ip tacacs source-interface command?
Let us know the answers to these questions and perhaps we can find the answer.
Yes, you are rightt, TACACS was working fine with the 12.3 version.
There was changes in the configuration but the last troublesooting task we was trying was upload an older startup-config file. The TACACS server is'n managed by us, but our box was reachable from it, and downgrading the IOS was the only solution... it sounds like a bug...
So.. the solution has been creating interfaces dot1q and forget any redundancy capability.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...