7200VXR randomly stops tacacs auth until reload

Hi All,

Wonder if anyone has come across this issue. We use tacacs authentication across the whole of our infrastructure, and have identified an issue with some of our 7200VXRs suddenly failing to communicate with the TACACS server after a period of time.

Investigation reveals that it is not specifically a network problem, and debugging the tacacs activity on the router reveals the following:

Sep 22 12:53:12 UTC: TPLUS: Queuing AAA Authentication request 308 for processing

Sep 22 12:53:12 UTC: TPLUS: processing authentication start request id 308

Sep 22 12:53:12 UTC: TPLUS: Authentication start packet created for 308()

Sep 22 12:53:12 UTC: TPLUS: Using server 10.5.0.7

Sep 22 12:53:12 UTC: TPLUS(00000134)/1: Socket bind failed for id = 0.

After reloading the router, it is again able to perform authentication.  On the face of it I would say there might be a buffer or memory leak somewhere in the IOS, but can find no related bugs or even other documents reflecting this issue on CCO or bug toolkit.

IOS version is 12.2(33)SRE2 with advanced IP services featureset.

Looking through release notes of the various IOS versions I see nothing directly addressing this issue either.

Anyone come across this before?

Thanks,

Leland

Accepted Solutions

Tarik Admani
VIP Alumni

Are you using single connect configuration for the tacacs-servers? When the issue occurs can you issue a show tcp brief and see if there is a connection established for port 49?

Try removing the single-connection configuration and see if clearing the tcb of the tacacs connection helps authenticate if you can get in using console or fallback.

Thanks,

Tarik Admani
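
An added example, not part of the original thread: a small Python scan of collected syslog that ties each "Socket bind failed" line back to its AAA request and the TACACS server in use, so the condition can be flagged from logs. It assumes the hex field in `TPLUS(00000134)` is the request id (0x134 = 308 in the lines posted above); the function names are hypothetical and the sample input is the debug output from the question.

```python
import re
from collections import defaultdict

# Sample input: the debug lines quoted in the question, embedded so this runs offline.
SAMPLE = """\
Sep 22 12:53:12 UTC: TPLUS: Queuing AAA Authentication request 308 for processing
Sep 22 12:53:12 UTC: TPLUS: processing authentication start request id 308
Sep 22 12:53:12 UTC: TPLUS: Authentication start packet created for 308()
Sep 22 12:53:12 UTC: TPLUS: Using server 10.5.0.7
Sep 22 12:53:12 UTC: TPLUS(00000134)/1: Socket bind failed for id = 0.
"""

QUEUED = re.compile(r"TPLUS: Queuing AAA (\w+) request (\d+) for processing")
SERVER = re.compile(r"TPLUS: Using server (\S+)")
BIND_FAIL = re.compile(r"TPLUS\(([0-9A-Fa-f]{8})\)/\d+: Socket bind failed")


def find_bind_failures(text):
    """Return one record per 'Socket bind failed' line, tied to its request and server."""
    pending = {}        # request id -> AAA request type seen when it was queued
    last_server = None  # most recent 'Using server' value before the failure
    failures = []
    for line in text.splitlines():
        if m := QUEUED.search(line):
            pending[int(m.group(2))] = m.group(1)
        elif m := SERVER.search(line):
            last_server = m.group(1)
        elif m := BIND_FAIL.search(line):
            # Assumption: the 8-digit hex field is the decimal request id.
            req_id = int(m.group(1), 16)
            failures.append({
                "timestamp": line.split(" UTC:")[0],
                "request_id": req_id,
                "type": pending.pop(req_id, "unknown"),
                "server": last_server,
            })
    return failures


def failures_per_server(failures):
    """Count bind failures per TACACS server to see which peer is affected."""
    counts = defaultdict(int)
    for f in failures:
        counts[f["server"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for failure in find_bind_failures(SAMPLE):
        print(failure)
```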
