Cisco Bug: CSCvi10474 - TACACS Authentication fails with "DNS cache fail"

Last Modified

Nov 14, 2019

Products (15)

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7000 10-Slot Switch
  • Cisco MDS 9710 Multilayer Director
  • Cisco MDS 9148S 16G Multilayer Fabric Switch
  • Cisco Nexus 7000 4-Slot Switch
  • Cisco MDS 9250i Multiservice Fabric Switch
  • Cisco Nexus 7700 6-Slot Switch
  • Cisco Nexus 7700 18-Slot Switch
  • Cisco Nexus 7000 18-Slot Switch
  • Cisco MDS 9396S 16G Multilayer Fabric Switch

Known Affected Releases

8.1(1)

Description (partial)

Symptom:
Debug:
2018 Feb  6 15:28:59.243007 tacacs: connect_tac_server: Socket tree look up key is HOSTNAMETACACS1/49/management/25f30000
2018 Feb  6 15:29:00.256020 tacacs: non_blocking_connect(329): getaddrinfo(DNS cache fail) with retcode:-2(host nor service provided, or not known) for server:HOSTNAMETACACS1
2018 Feb  6 15:29:00.256051 tacacs: connect_tac_server

Event history from TACACS:
XYZ# show system internal tacacs+ event-history errors

1) Event:E_DEBUG, length:88, at 670464 usecs after Tue Feb  6 15:27:49 2018
    [100] switch_tac_server:  Unreachable servers case .setting error code  for aaa session 0


2) Event:E_DEBUG, length:77, at 670462 usecs after Tue Feb  6 15:27:49 2018
    [100] switch_tac_server:  no more server in the server group for aaa session 0


3) Event:E_DEBUG, length:97, at 670432 usecs after Tue Feb  6 15:27:49 2018
    [100] switch_tac_server(3480): tplus_sm(0x101280c0) sock_sm_node((nil)) entering for aaa session 0


4) Event:E_DEBUG, length:114, at 670420 usecs after Tue Feb  6 15:27:49 2018
    [105] aaa_mark_server_dead : error in reading global server monitor info. 0x409b001a. Server will not be monitored.


5) Event:E_DEBUG, length:126, at 670414 usecs after Tue Feb  6 15:27:49 2018
    [105] aaa_mark_server_dead : error in reading server monitor info for 2. 0x409b001a. Using global server monitoring parameters.


6) Event:E_DEBUG, length:103, at 670393 usecs after Tue Feb  6 15:27:49 2018
    [100] connect_tac_server: non blocking connect failed, switching server for aaa session id(0) rtvalue(3)


7) Event:E_DEBUG, length:141, at 670386 usecs after Tue Feb  6 15:27:49 2018
    [100] non_blocking_connect(329): getaddrinfo(DNS cache fail) with retcode:-2(host nor service provided, or not known) for server:HOSTNAMETACACS1


8) Event:E_DEBUG, length:88, at 657425 usecs after Tue Feb  6 15:27:48 2018
    [100] connect_tac_server: Socket tree look up key is HOSTNAMETACACS1/49/management/64eb0000

Conditions:
N7K

version 8.1(1)
feature tacacs+

ip tacacs source-interface mgmt0
tacacs-server host HOSTNAMETACACS1 key 7 "xxxxxxxxxxxxxxxxxxxxxxxxxx"
tacacs-server host HOSTNAMETACACS2 key 7 "xxxxxxxxxxxxxxxxxxxxxxxxxx"
aaa group server tacacs+ TTT-tacacs
    server HOSTNAMETACACS1
    server HOSTNAMETACACS2
    use-vrf management
    source-interface mgmt0

!Command: show running-config aaa
!Time: Tue Feb 13 15:13:19 2018

version 8.1(1)
aaa authentication login default group TTT-tacacs
aaa authentication login console local
aaa authorization config-commands default group TTT-tacacs local
aaa authorization commands default group TTT-tacacs local
aaa accounting default group TTT-tacacs
tacacs-server directed-request