Cisco Bug: CSCtc29220 - On boot, TACACS server is marked FAILED if defined by DNS name

Last Modified

Nov 08, 2016

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.2(1) 8.2(1.11)

Description (partial)

Symptom:
If a TACACS server is defined via a DNS hostname, then upon boot 
the ASA will mark the TACACS server as "FAILED".  

If the default "reactivation-mode depletion" is used, then the server 
will only be marked as ACTIVE after the deadtime expires (10 minutes 
by default).

If the aaa-server group is configured for "reactivation-mode timed", 
then the server will be marked as ACTIVE after 30 seconds.


Conditions:
An AAA server is defined in the configuration via DNS name

Example
   aaa-server tacacs protocol tacacs+
   aaa-server tacacs (inside) host aaa01.cisco.com
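
The following is an added example, not part of the Cisco bug text: a Python audit that scans a saved ASA configuration for the condition above (an aaa-server host defined by DNS name) and reports how long that server may stay FAILED after boot, using the 10-minute and 30-second figures from the Symptom section. The "mgmt" group in the sample, the function names and the parsing of "reactivation-mode depletion deadtime <minutes>" are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the first two lines are the example from the bug text;
# the "mgmt" group and its hosts are invented for illustration.
SAMPLE_CONFIG = """\
aaa-server tacacs protocol tacacs+
aaa-server tacacs (inside) host aaa01.cisco.com
aaa-server mgmt protocol tacacs+
 reactivation-mode timed
aaa-server mgmt (inside) host aaa02.example.com
aaa-server mgmt (inside) host 192.0.2.10
"""

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol \S+")
MODE_RE = re.compile(r"^\s+reactivation-mode (depletion|timed)(?: deadtime (\d+))?")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)")
DEFAULT_DELAY = "10 minutes (depletion, default deadtime)"

def is_ip_literal(value):
    """True when the host field is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_aaa_hosts(config_text):
    """Return (group, interface, host, recovery delay) for DNS-named AAA hosts."""
    delay, named, current = {}, [], None
    for line in config_text.splitlines():
        if m := GROUP_RE.match(line):
            current = m.group(1)          # entering the group's submode
        elif (m := MODE_RE.match(line)) and current:
            if m.group(1) == "timed":
                delay[current] = "30 seconds (timed)"
            elif m.group(2):              # explicit deadtime (assumed syntax)
                delay[current] = f"{m.group(2)} minutes (depletion)"
        elif m := HOST_RE.match(line):
            current = None                # host submode carries no reactivation-mode
            if not is_ip_literal(m.group(3)):
                named.append(m.groups())
    return [(g, i, h, delay.get(g, DEFAULT_DELAY)) for g, i, h in named]

if __name__ == "__main__":
    for group, iface, host, wait in audit_aaa_hosts(SAMPLE_CONFIG):
        print(f"{group} ({iface}) {host}: may stay FAILED after boot for {wait}")
```
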