Nexus 7010 AAA Issues/Questions

dtran
Level 6

Hi all !!! Hope everyone is doing well !!

I am working on configuring a pair of Nexus 7010; this is a new install. I've got the switches connected to the network via the Mgmt0 interface, and this is the only connection that I can get to them for the time being. AAA is configured and working, but for some reason when I try to SSH to either one there is a delay of about 30 seconds for the password prompt to come up. So after I type in the username it takes about 30 seconds for the password prompt to come up. The delay occurs after I added the SVIs on the 7010, but prior to that there was no delay. Has anyone seen this issue? I have no idea why adding the SVIs would cause this delay.

Thanks in advance for any inputs/suggestions !!!

D.


Jerry Ye
Cisco Employee

Did you specify tacacs to use the management VRF?

Regards,

jerry

Hi Jeye !! Below is what I've configured on the 7010. I notice the delay after I added the SVIs, and if I shut down all the SVIs then there is no delay. Thanks !!! I appreciate your response !!!!!!

ip tacacs source-interface mgmt0
tacacs-server timeout 3
tacacs-server host 172.16.9.161
aaa group server tacacs+ tacacs
    server 172.16.9.161
    use-vrf management

What version are you running? Also, do you have ip domain-lookup enabled?

Regards,

jerry

Hi Jerry !!! Really appreciate your help !!!!!

I am running 5.2.1 and yes, ip domain-lookup is enabled.

Thanks !!!

D.

Not a problem.

I think I know the issue. Do a no ip domain-lookup and let me know the test result.

Regards,

jerry

That did it Jerry !!! very much appreciate your help !!!!!

"no ip domain-lookup" fixed it. Could you explain why that happens with SVI enabled ?

Thanks Jerry !!!!

D.

When you telnet or ssh into the N7K, the Nexus 7000 actually performs a reverse DNS lookup (which is required by SSH server daemons) for the PC's IP address. This causes a delay of almost 40 seconds before the user gets the prompt.

There is an enhancement bug filed against this

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj78989

The current workaround is no ip domain-lookup.

HTH,

jerry
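
The stall discussed in this thread is a blocking reverse lookup sitting in front of the login prompt. The following Python example is added here for illustration and is not from the thread or from Cisco: it shows the general pattern of bounding that lookup with a deadline and falling back to the bare IP. The names `client_label` and `unreachable_dns`, the 1-second deadline and the address 192.0.2.10 are all assumptions constructed for the example.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as FutureTimeout

# Lookups run on worker threads, so a stuck resolver call ties up a worker
# instead of the code path that has to print the password prompt.
_POOL = ThreadPoolExecutor(max_workers=4)


def system_ptr_lookup(ip):
    """Blocking reverse (PTR) lookup through the host's own resolver."""
    return socket.gethostbyaddr(ip)[0]


def client_label(ip, lookup=system_ptr_lookup, deadline=1.0, enabled=True):
    """Return (label, seconds_waited) for a connecting client.

    enabled=False mirrors the thread's workaround: no name resolution at
    all, the client is identified by IP. Otherwise the lookup is given at
    most `deadline` seconds before the bare IP is used instead.
    """
    if not enabled:
        return ip, 0.0
    start = time.monotonic()
    future = _POOL.submit(lookup, ip)
    try:
        label = future.result(timeout=deadline)
    except (FutureTimeout, OSError):
        # Deadline hit, or the resolver failed (socket.herror and
        # socket.gaierror are OSError subclasses): fall back to the IP.
        label = ip
    return label, time.monotonic() - start


def unreachable_dns(ip):
    """Constructed stand-in for a resolver whose DNS server never answers."""
    time.sleep(1.0)
    raise socket.herror(1, "Unknown host")


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed documentation address
    for kwargs in ({"deadline": 5.0}, {"deadline": 0.2}, {"enabled": False}):
        label, waited = client_label(client, lookup=unreachable_dns, **kwargs)
        print(f"{kwargs}: label={label} prompt delayed {waited:.2f}s")
```
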
