Cisco Bug: CSCvt08071 - AAA is failing for servers that are reachable

Last Modified

Apr 23, 2020

Products (1)

  • Cisco Nexus 7000 Series Switches

Known Affected Releases

7.3(2)D1(2)

Description (partial)

Symptom:
The customer is not able to authenticate to the N7K using TACACS. Connectivity to the TACACS server is working properly. Authorization is also not working if the customer logs in with a local account (it is falling back to local).

Conditions:
The customer is suddenly unable to authenticate to an N7K, and the following message appears:

"Remote AAA servers unreachable"

-> PING is WORKING (IPs removed for confidentiality)

# ping xxxxx vrf management
PING xxxxx (xxxxx): 56 data bytes
64 bytes from xxxxx: icmp_seq=0 ttl=248 time=1.584 ms
64 bytes from xxxxx: icmp_seq=1 ttl=248 time=1.536 ms
64 bytes from xxxxx: icmp_seq=2 ttl=248 time=1.428 ms
64 bytes from xxxxx: icmp_seq=3 ttl=248 time=1.442 ms
64 bytes from xxxxx: icmp_seq=4 ttl=248 time=1.442 ms

-> TELNET to port 49 OPENS but then SUDDENLY CLOSES

# telnet xxxxxx vrf management
Trying xxxxx...
Connected to xxxxx.
Escape character is '^]'.
Connection closed by foreign host.

-> Some stuck MTS messages seen in the N7K, some of them related to 'MTS_OPC_AAA_VSH_AUTHOR_NOTIFY'

-> Event history
68) Event:E_DEBUG, length:88, at 632396 usecs after Fri Feb 14 21:50:09 2020
[100] switch_tac_server: Unreachable servers case .setting error code for aaa session 0
169) Event:E_DEBUG, length:77, at 632395 usecs after Fri Feb 14 21:50:09 2020
[100] switch_tac_server: no more server in the server group for aaa session 0
170) Event:E_DEBUG, length:57, at 632340 usecs after Fri Feb 14 21:50:09 2020
[100] clean_up_sock_sm_node: free sock_sm_node(0x121ed44c)
171) Event:E_DEBUG, length:66, at 631910 usecs after Fri Feb 14 21:50:09 2020
[100] switch_tac_server(3086): cleaning up sock_sm_node(0x121ed44c)
172) Event:E_DEBUG, length:102, at 631906 usecs after Fri Feb 14 21:50:09 2020
[100] switch_tac_server(3053): tplus_sm(0x100d2740) sock_sm_node(0x121ed44c) entering for aaa session 0
173) Event:E_DEBUG, length:114, at 631901 usecs after Fri Feb 14 21:50:09 2020
[105] aaa_mark_server_dead : error in reading global server monitor info. 0x409b001a. Server will not be monitored.
174) Event:E_DEBUG, length:126, at 631894 usecs after Fri Feb 14 21:50:09 2020
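
The event-history excerpt above can be triaged mechanically. The Python below is an added example, not Cisco code: it parses the header/message pairs in the layout shown and flags an exhausted server group that was preceded by a failure to read the server monitor info. Treating that pairing as the indicator for this bug, the one-second window, and the names `parse_events` and `triage` are assumptions.

```python
import re
from datetime import datetime, timedelta

HEADER = re.compile(r"^(\d+)\) Event:\w+, length:\d+, at (\d+) usecs after (.+)$")
MESSAGE = re.compile(r"^\[(\d+)\] (.*)$")
MONITOR_ERR = re.compile(r"aaa_mark_server_dead\s*:\s*error in reading global server "
                         r"monitor info\. (0x[0-9a-fA-F]+)")
EXHAUSTED = re.compile(r"no more server in the server group for aaa session (\d+)")

# Lines copied from the excerpt above; event 174 is a header whose message is cut off.
SAMPLE = """\
169) Event:E_DEBUG, length:77, at 632395 usecs after Fri Feb 14 21:50:09 2020
[100] switch_tac_server: no more server in the server group for aaa session 0
173) Event:E_DEBUG, length:114, at 631901 usecs after Fri Feb 14 21:50:09 2020
[105] aaa_mark_server_dead : error in reading global server monitor info. 0x409b001a. Server will not be monitored.
174) Event:E_DEBUG, length:126, at 631894 usecs after Fri Feb 14 21:50:09 2020
"""

def parse_events(text):
    """Pair each header line with the message line after it; return oldest first."""
    events, pending = [], None
    for line in text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            base = datetime.strptime(h.group(3), "%a %b %d %H:%M:%S %Y")
            pending = {"seq": int(h.group(1)),
                       "ts": base + timedelta(microseconds=int(h.group(2)))}
            continue
        m = MESSAGE.match(line.strip())
        if m and pending:  # a header with no message (truncated capture) is dropped
            pending.update(code=int(m.group(1)), msg=m.group(2))
            events.append(pending)
        pending = None
    return sorted(events, key=lambda e: e["ts"])

def triage(events, window=timedelta(seconds=1)):
    """For each exhausted server group, report a monitor-read error logged just before it."""
    findings = []
    for i, ev in enumerate(events):
        ex = EXHAUSTED.search(ev["msg"])
        if not ex:
            continue
        codes = [m.group(1) for p in events[:i] if ev["ts"] - p["ts"] <= window
                 for m in [MONITOR_ERR.search(p["msg"])] if m]
        verdict = "monitor-read-error" if codes else "servers-exhausted"
        findings.append((int(ex.group(1)), verdict, codes[-1] if codes else None))
    return findings

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE)))
```

A `servers-exhausted` verdict with no preceding monitor error points back toward ordinary reachability or server-side checks instead.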