Guest

Preview Tool

Cisco Bug: CSCul38379 - After k9sec pie act/deact tacacs does not use "update-source"

Last Modified

Jul 21, 2018

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases

4.3.2.BASE

Description (partial)

Symptom:
tacacsd generates packets with source address as the physical interface address rather than the interface specified with "tacacs source-interface [int id] ".

TACACS authentication is unsuccessful when "Client Verification" is enabled on TACACS server.

This is seen after k9sec (crypto pie) activation or deactivation

Conditions:
This behavior is seen with router reloads and after  upgrades in the client network.

This is reproducible with the below in the lab environment. 
#install deactivate disk0:asr9k-k9sec-px-4.3.2 
#install activate disk0:asr9k-k9sec-px-4.3.2
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.