Cisco Bug: CSCul38379 - After k9sec pie act/deact tacacs does not use "update-source"
Jul 21, 2018
- Cisco ASR 9000 Series Aggregation Services Routers
Known Affected Releases
Symptom: tacacsd generates packets with source address as the physical interface address rather than the interface specified with "tacacs source-interface [int id] ". TACACS authentication is unsuccessful when "Client Verification" is enabled on TACACS server. This is seen after k9sec (crypto pie) activation or deactivation Conditions: This behavior is seen with router reloads and after upgrades in the client network. This is reproducible with the below in the lab environment. #install deactivate disk0:asr9k-k9sec-px-4.3.2 #install activate disk0:asr9k-k9sec-px-4.3.2
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases