Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1453
Views
0
Helpful
2
Replies

tacacs-server dns-alias-lookup

cclem
Level 1
Level 1

‎05-14-2013 04:44 PM - edited ‎03-10-2019 08:25 PM

All IOS commands entered in the switch take 18 seconds to process.  I noticed that the following command tacacs-server dns-alias-lookup was enabled.  Disabling this command allows the switch to process the IOS commands without any delay.

I can't find any detailed information regarding this use of this command. Can someone provide a real world business use as to when is it appropriate to enable this command?

Labels:
0 Helpful
2 Replies 2

Jatin Katyal
Cisco Employee
Cisco Employee

‎05-14-2013 05:42 PM

We use this command to enable IP Domain Name System (DNS) alias lookup for TACACS+ servers. Due to this it does reverse dns lookup. In scnarios where we don't have a dns server configured or defined, command cause a dns request to be generated  and it uses broadcast domain (255.255.255.255) and eventually timed out and adds lots of delay.

There are few tacacs+ related known issue with this command. Here is one of those.

CSCtc94806    tacacs-server dns-alias-lookup causes high CPU on TPLUS process

Jatin Katyal
- Do rate helpful posts -

~Jatin
0 Helpful

minkumar
Level 1
Level 1

‎05-14-2013 05:53 PM

Hey

  its a  bug in IOS 15.1, in case if you are using IOS 15.1

Regards

Minakshi (Do rate the helpful posts)

0 Helpful
Customers Also Viewed These Support Documents