cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1140
Views
0
Helpful
1
Replies

7200VXR randomly stops tacacs auth until reload

Hi All,

Wonder if anyone has come across this issue.  We use tacacs authentication across the whole of our infrastructure, and have indentified an issue with some of our 7200vxr 's suddenly failing to communicate with the TACACS server after a period of time.

Investigation reveals that it is not specifically a network problem, and the debugging the tacacs activity on the router reveals the following:

Sep 22 12:53:12 UTC: TPLUS: Queuing AAA Authentication request 308 for processing

Sep 22 12:53:12 UTC: TPLUS: processing authentication start request id 308

Sep 22 12:53:12 UTC: TPLUS: Authentication start packet created for 308()

Sep 22 12:53:12 UTC: TPLUS: Using server 10.5.0.7

Sep 22 12:53:12 UTC: TPLUS(00000134)/1: Socket bind failed for id = 0.

After reloading the router, it is again able to perform authentication.  On the face of it I would say there might be a buffer or memory leak somewhere in the IOS, but can find no related bugs or even other documents reflecting this issue on CCO or bug toolkit.

IOS version is 12.2(33)SRE2 with advanced IP services featureset.

Looking through release notes of the various IOS versions I see nothing directly addressing this issue either.

Anyone come across this before ?

Thanks,

Leland

1 Accepted Solution

Accepted Solutions

Tarik Admani
VIP Alumni
VIP Alumni

Are you using single connect configuration for the tacacs-servers? When the issue occurs can you issue a show tcp brief and see if there is a connection established for port 49?

Try removing the single-connection configuration and see if clearing the tcb of the tacacs connection helps authenticate if you can get in using console or fallback.

Thanks,

Tarik Admani

View solution in original post

1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

Are you using single connect configuration for the tacacs-servers? When the issue occurs can you issue a show tcp brief and see if there is a connection established for port 49?

Try removing the single-connection configuration and see if clearing the tcb of the tacacs connection helps authenticate if you can get in using console or fallback.

Thanks,

Tarik Admani