VTY config statement disappears after IOS upgrade

Having an odd occurrence that is repeatable. After upgrading C9300 from IOS 16.12.4 to 16.12.5b, we lose the config statement "authorization exec vtymethod". Config sample below. Only happens with vty 0-4, does not affect vty 5-15. Tried upgrading to 16.12.6, same issue. Have to re-add the config statement as it affects the ability to access the switch. Case open with Cisco, but seems to be a low priority.

 

line vty 0 4
 access-class VTY-ACL-IN in vrf-also
 access-class VTY-ACL-OUT out
 exec-timeout 15 0
 authorization exec vtymethod
 logging synchronous
 login authentication vtymethod
 transport preferred ssh
 transport input ssh
 transport output ssh

balaji.bandi
Hall of Fame

Looks like a bug to me (not sure - do you have AAA config?)

 

https://bst.cisco.com/bugsearch/bug/CSCvy58894

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I think you nailed it with that bug find. Plans are in the works to go to Version 17 eventually. Presently reviewing bug scrubs. 

This is the AAA section. 

aaa authentication login default group tacacs+ local
aaa authentication login dnac-cts-list group dnac-client-radius-group local
aaa authentication login auxmethod group tacacs+ enable
aaa authentication login vtymethod group tacacs+ enable
aaa authentication login ttymethod none
aaa authentication login conmethod group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group dnac-client-radius-group
aaa authorization exec default group tacacs+ local
aaa authorization exec vtymethod group tacacs+ if-authenticated
aaa authorization commands 1 vtymethod group tacacs+ if-authenticated
aaa authorization commands 15 vtymethod group tacacs+ if-authenticated
aaa authorization network default group dnac-client-radius-group
aaa authorization network dnac-cts-list group dnac-client-radius-group
aaa accounting update newinfo periodic 2880
aaa accounting identity default start-stop group dnac-client-radius-group
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

Sounds like we have a workaround until the bug gets fixed in a later release. We just re-add the statement.

Sure, and glad it helped you get to the bottom of the problem. Let us know how the fix and upgrade go.

 

BB
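
A post-upgrade check for the symptom discussed in this thread, added here as an example (not code from the posters or from Cisco): it compares the "line vty" blocks of a saved pre-upgrade running-config with the post-upgrade one and reports any statement that disappeared. The sample configs are constructed from the snippets in the thread; the "line con 0" and "line vty 5 15" contents and the function names are assumptions.

```python
import re

VTY_HEADER = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")

def vty_blocks(config_text):
    """Map each 'line vty' range to the set of sub-commands under it."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        header = VTY_HEADER.match(raw)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = blocks.setdefault((first, last), set())
        elif current is not None and raw[:1].isspace() and raw.strip():
            current.add(raw.strip())      # indented line: belongs to the vty block
        elif raw.strip():
            current = None                # any other top-level line ends the block
    return blocks

def dropped_vty_statements(pre_config, post_config):
    """Return {range: statements present before the upgrade but absent after}."""
    pre, post = vty_blocks(pre_config), vty_blocks(post_config)
    report = {}
    for rng, statements in pre.items():
        lost = statements - post.get(rng, set())
        if lost:
            report[rng] = sorted(lost)
    return report

# Constructed sample: running-config excerpt saved before the upgrade.
PRE = """\
line con 0
 login authentication conmethod
line vty 0 4
 access-class VTY-ACL-IN in vrf-also
 exec-timeout 15 0
 authorization exec vtymethod
 login authentication vtymethod
 transport input ssh
line vty 5 15
 authorization exec vtymethod
 login authentication vtymethod
 transport input ssh
!
"""
# Constructed sample: same config with the statement lost under vty 0 4 only.
POST = PRE.replace(" authorization exec vtymethod\n", "", 1)

if __name__ == "__main__":
    for (first, last), lost in dropped_vty_statements(PRE, POST).items():
        for statement in lost:
            print(f"line vty {first} {last}: missing '{statement}'")
```
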
