issue with tacacs cisco 9500

Srin_G
Level 3

Hello,

 

I have an issue with TACACS after I upgraded the Cisco 9500 StackWise to code 16.12.2!

The router doesn't accept the TACACS password but only the local password. After being authenticated with the local password it goes to enable mode and accepts the TACACS password. I have checked the AAA configurations against other routers which work fine with TACACS (different code) and it is exactly the same.

 

aaa authentication debug:

May 19 14:23:41.747 AEST: AAA/BIND(00000017): Bind i/f
May 19 14:23:41.747 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:23:41.747 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:41.747 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD

May 19 14:23:53.462 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:53.487 AEST: AAA/AUTHEN/ENABLE(00000017): Done status FAIL - bad password

May 19 14:23:55.488 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:23:55.489 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:55.489 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD

May 19 14:24:05.594 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:05.619 AEST: AAA/AUTHEN/ENABLE(00000017): Done status FAIL - bad password

May 19 14:24:07.620 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:24:07.620 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:07.620 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD

When I put in the local secret I get the below debug:

May 19 14:24:15.086 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:15.110 AEST: AAA/AUTHEN/ENABLE(00000017): Done status PASS

 

I have attached the aaa config.

Any help is appreciated.

 

regards

 

2 Replies

Remove the following command and then try again.

no aaa authentication login default enable

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

Thanks.

Even after removing the command the issue persists.

 

regards
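
For reading AAA authentication debug output like the lines quoted in the question, the following parser is an added example and not part of the original thread. It groups lines by session id and reports, for each completed password attempt, the method list picked, the component tag on the line, and the final status; the function name `summarize` and the regex are assumptions based only on the line layout visible in the post.

```python
import re
from collections import defaultdict

# Lines copied from the debug output in the original post (session 00000017).
SAMPLE = """\
May 19 14:23:41.747 AEST: AAA/BIND(00000017): Bind i/f
May 19 14:23:41.747 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:23:41.747 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:41.747 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD
May 19 14:23:53.462 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:53.487 AEST: AAA/AUTHEN/ENABLE(00000017): Done status FAIL - bad password
May 19 14:23:55.488 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:23:55.489 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:55.489 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD
May 19 14:24:15.086 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:15.110 AEST: AAA/AUTHEN/ENABLE(00000017): Done status PASS
"""

# timestamp: component(session-id): message  (layout assumed from the post)
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:.]+ \w+): (?P<comp>AAA/[A-Z/]+)\s*"
                  r"\((?P<sid>[0-9A-Fa-f]+)\): (?P<msg>.*)$")

def summarize(text):
    """Return {session_id: [attempt, ...]}, one attempt per final status."""
    sessions = defaultdict(list)
    method = {}  # session id -> most recently picked method list
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, interleaved prose, unrelated debug output
        sid, msg = m["sid"], m["msg"]
        picked = re.match(r"Pick method list '([^']*)'", msg)
        if picked:
            method[sid] = picked.group(1)
        done = re.match(r"Done status (\S+)(?: - (.*))?", msg)
        # GET_PASSWORD is only the prompt, not the outcome of an attempt
        if done and done.group(1) != "GET_PASSWORD":
            sessions[sid].append({
                "time": m["ts"], "method_list": method.get(sid),
                "component": m["comp"], "status": done.group(1),
                "reason": done.group(2)})
    return dict(sessions)

if __name__ == "__main__":
    for sid, attempts in summarize(SAMPLE).items():
        for a in attempts:
            print(sid, a["time"], a["method_list"], a["component"],
                  a["status"], a["reason"] or "")
```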
