08-25-2012 06:18 AM - edited 03-10-2019 07:27 PM
Device: 3841
IOS: 15.1(4)M2 ADVSecurity
Commands: AAA Authorization
Problem: Commands take approximately 8 seconds to process when required to authorize with ACS.
Example: The show run command will take 8 seconds to process then output is displayed.
Symptoms: Packet sniff indicates that it takes 8 seconds for the router to send the initial TCP SYN SEQ packet to ACS.
Login to device has no delay
Does anyone know of any bug or other documentation that addresses this symptom and/or problem?
Thank you.
Tom
08-25-2012 10:59 AM
There is a bug with the single connect flag being set. You have that set by any chance?
Are you using host names or ip addresses in your configuration?
08-25-2012 05:21 PM
We are not using single connect and we are using ip addresses.
08-25-2012 06:52 PM
Please post the show run | inc aaa and show run | inc tacacs.
Can you also run two separate sessions to the unit and post the debug output of (debug aaa authentication) then run the "test aaa group tacacs+
Also with the debugs turned off, if you issue a telnet
Thanks,
Tarik Admani
*Please rate helpful posts*
08-27-2012 01:46 AM
Well good news, you had me looking down the right path. I debugged AAA Authorization and found that for the two commands:
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
the router actually tries to resolve the IP addresses to host names. We had the TACACS servers in by IP but did not have the "no ip domain lookup" command on the box. When I put that command in everything went nice and fast. Thanks for the help!
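To find other routers in the same state as the one in this thread, the sketch below (an added example, not posted by anyone in the thread) scans saved running-config text for command authorization sent to a AAA server group while DNS lookup is still enabled. It assumes that the absence of a "no ip domain lookup" line means lookups are on, which is the IOS default; the sample configs, hostname, server address and the audit() function are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from the thread).
SLOW_CONFIG = """\
hostname rtr-a
aaa new-model
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
tacacs-server host 192.0.2.10
"""

# Same config with the fix from the last post applied.
FIXED_CONFIG = SLOW_CONFIG + "no ip domain lookup\n"

# Per-command authorization that is sent to a AAA server group.
CMD_AUTHZ = re.compile(r"^aaa authorization commands (\d+) \S+ .*\bgroup\b", re.M)
# IOS releases show either spelling: "domain lookup" or "domain-lookup".
NO_LOOKUP = re.compile(r"^no ip domain[- ]lookup\s*$", re.M)


def audit(config: str) -> dict:
    """Report whether a config matches the slow-authorization pattern."""
    levels = sorted(int(m.group(1)) for m in CMD_AUTHZ.finditer(config))
    lookup_disabled = bool(NO_LOOKUP.search(config))
    return {
        "authz_levels": levels,               # privilege levels authorized remotely
        "dns_lookup_disabled": lookup_disabled,
        # Remote command authorization with DNS lookup left on is the
        # combination that produced the per-command delay in this thread.
        "at_risk": bool(levels) and not lookup_disabled,
    }


if __name__ == "__main__":
    for name, cfg in (("slow", SLOW_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(cfg))
```
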