Cisco Bug: CSCul38379 - After k9sec pie act/deact tacacs does not use "update-source"

Last Modified

Jul 21, 2018

Products (1)

  • Cisco ASR 9000 Series Aggregation Services Routers

Known Affected Releases


Description (partial)

tacacsd generates packets with the physical interface address as the source address, rather than the address of the interface specified with "tacacs source-interface [int id]".

TACACS authentication is unsuccessful when "Client Verification" is enabled on the TACACS server.

This is seen after k9sec (crypto pie) activation or deactivation.

This behavior is seen with router reloads and after upgrades in the client network.

This is reproducible in the lab environment with the commands below:
#install deactivate disk0:asr9k-k9sec-px-4.3.2 
#install activate disk0:asr9k-k9sec-px-4.3.2

Bug details contain sensitive information and therefore require an account to be viewed.
