Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

c1700-k9o3sy7-mz.124-1c.bin and TACACS

HI all,

We have detected an extrange behaviour in the above IOS version, we've a 1721 router in order to permit remote access to our network, and it was runnning the following IOS: "c1700-k9o3sy7-mz.123-19.bin". This IOS don't support a 4 FastEthernet WIC, then we updated to the "c1700-k9o3sy7-mz.124-1c.bin" version to get that feature, everything looked fine, the hardware was recognized but suddenly nobody was able to authenticate via SSH with the TACACS server... we spent all day troubbleshooting the issue, but no way, the only solution was downgrade to the later IOS...

Anyone has idea about what could be happening?

Thanks a lot in advance.

Cheers,

2 REPLIES
Hall of Fame Super Silver

Re: c1700-k9o3sy7-mz.124-1c.bin and TACACS

Enrique

Am I correct in understanding your post to be that TACACS worked ok when running 12.3(19) and did not work when running 12.4(1c)? I am not aware of anything in 12.4 that prevents TACACS or changes it significantly. Did anything else change in the router?

It would be very helpful to know what the TACACS server was reporting about the attempt to authenticate? Was the TACACS server generating error messages in the failed attempts log? What were the error messages?

Is it possible that in adding the 4 FastEthernet WIC that addressing changed and the TACACS request is now coming from a different source address? Does your config include the ip tacacs source-interface command?

Let us know the answers to these questions and perhaps we can find the answer.

HTH

Rick

New Member

Re: c1700-k9o3sy7-mz.124-1c.bin and TACACS

HI Rick,

Yes, you are rightt, TACACS was working fine with the 12.3 version.

There was changes in the configuration but the last troublesooting task we was trying was upload an older startup-config file. The TACACS server is'n managed by us, but our box was reachable from it, and downgrading the IOS was the only solution... it sounds like a bug...

So.. the solution has been creating interfaces dot1q and forget any redundancy capability.

Cheers,

220
Views
0
Helpful
2
Replies
CreatePlease login to create content