Cisco Bug: CSCul38379 - After k9sec pie act/deact tacacs does not use "update-source"

Last Modified

Jul 21, 2018

Products (1)

Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

4.3.2.BASE

Description (partial)

Symptom:
tacacsd generates packets with source address as the physical interface address rather than the interface specified with "tacacs source-interface [int id] ".

TACACS authentication is unsuccessful when "Client Verification" is enabled on TACACS server.

This is seen after k9sec (crypto pie) activation or deactivation

Conditions:
This behavior is seen with router reloads and after  upgrades in the client network.

This is reproducible with the below in the lab environment. 
#install deactivate disk0:asr9k-k9sec-px-4.3.2 
#install activate disk0:asr9k-k9sec-px-4.3.2

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts