Matt_A

This is happening on the accounting commands. The accounting commands have always had some options that you could specify about when to generate the accounting record. And the default option would not show up in the running config (as most default options do not show up in the running config). When Cisco makes a default option show up in the running config that usually indicates that either there has been a change in the default behavior or that some change is anticipated. I am guess that this change is one of those.

HTH

Rick

  I think that started for some reason when they went to 15.X  universal code for some reason.  Just like they moved the location of any ACL's when they went to 15.X code.  They used to be at the bottom ,now they are at the top of the config.

Thanks Rick and Glen for the replies – The only problem is that we have numerous 2911, all with same hardware configuration & same IOS,

and during the initial configuration, in which the “aaa” portion of the configs are pasted in from a common template, some routers  look as expected (i.e. single line per aaa command) and some end up having three lines per aaa command.  We are still trying to recreate in our lab, but with no success yet.

Matt_A

While I want to believe your assertion that all routers are running the same IOS version on the same hardware, I still believe that the symptoms where some use multiple lines for the aaa accounting and some do not, that this suggests that there is a hardware or (more likely) software difference between the routers. Could you post for us the  output of show version and the appropriate part of show run from a router that has it on a single line (as expected) and from a router that uses multiple lines.

HTH

Rick

Rick, below is the requested info...

ROUTER 11 - single line (operating as expected)

R11#dir flash0: | include bin

Directory of flash0:/

    1  -rw-    68218660  Apr 19 2011 17:30:48 -05:00  c2900-universalk9-mz.SPA.151-3.T1.bin

R11#show version | i IOS

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(3)T1, RELEASE SOFTWARE (fc2)

R11#show inventory       

NAME: "CISCO2911/K9 chassis", DESCR: "CISCO2911/K9 chassis"

PID: CISCO2911/K9      , VID: V02 , SN: FTX1517AN4A

NAME: "WAN Interface Card - HWIC CSU/DSU on Slot 0 SubSlot 0", DESCR: "WAN Interface Card - HWIC CSU/DSU"

PID: HWIC-1DSU-T1      , VID: V02 , SN: FOC150700Y0

NAME: "WAN Interface Card - HWIC CSU/DSU on Slot 0 SubSlot 1", DESCR: "WAN Interface Card - HWIC CSU/DSU"

PID: HWIC-1DSU-T1      , VID: V02 , SN: FOC15070114

NAME: "C2911 AC Power Supply", DESCR: "C2911 AC Power Supply"

PID: PWR-2911-AC       , VID: V03 , SN: DCA1508R2ME

R11#show running | section aaa

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authentication ppp default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ local if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization network default group tacacs+

aaa accounting send stop-record authentication failure

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa session-id common

ROUTER 12 - router that uses multiple lines

R12#show version | i IOS

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(3)T1, RELEASE SOFTWARE (fc2)

R12#dir flash0:  | include bin

Directory of flash0:/

    1  -rw-    68218660  Apr 27 2011 09:39:12 -05:00  c2900-universalk9-mz.SPA.151-3.T1.bin

R12#show inventory

NAME: "CISCO2911/K9 chassis", DESCR: "CISCO2911/K9 chassis"

PID: CISCO2911/K9      , VID: V02 , SN: FTX1517AN4P

NAME: "WAN Interface Card - HWIC CSU/DSU on Slot 0 SubSlot 0", DESCR: "WAN Interface Card - HWIC CSU/DSU"

PID: HWIC-1DSU-T1      , VID: V02 , SN: FOC150700XV

NAME: "WAN Interface Card - HWIC CSU/DSU on Slot 0 SubSlot 1", DESCR: "WAN Interface Card - HWIC CSU/DSU"

PID: HWIC-1DSU-T1      , VID: V02 , SN: FOC15070253

NAME: "C2911 AC Power Supply", DESCR: "C2911 AC Power Supply"

PID: PWR-2911-AC       , VID: V03 , SN: AZS151000CS

R12#show running-config | section aaa

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authentication ppp default group tacacs+ local

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 0 default group tacacs+ local if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization network default group tacacs+

aaa accounting send stop-record authentication failure

aaa accounting exec default

action-type start-stop

group tacacs+

aaa accounting commands 0 default

action-type start-stop

group tacacs+

aaa accounting commands 1 default

action-type start-stop

group tacacs+

aaa accounting commands 15 default

action-type start-stop

group tacacs+

aaa accounting network default

action-type start-stop

group tacacs+

aaa accounting connection default

action-type start-stop

group tacacs+

aaa accounting system default

action-type start-stop

group tacacs+

aaa session-id common

thanks for you help.  Matt_A

Matt_A

Thanks for posting the information that I requested. It certainly looks like similar hardware and the same IOS image file. Is it possible that the licensing is any different between the two routers?

HTH

Rick

Richard,

The answer to your question is that the license(s) appear the same on both R11 & R12 (see below).

One new data point is the we were able to fix a router that uses multiple lines by removing the aaa, and reapplying desired aaa comands. Now the in the "show run" output, the aaa commands are displayed on a single line.  We still have a few routers that are in this state (i.e. three line display), but all aaa functions seem to be working properly on them. So it appears to be only cosmetic, but still is baffling that some new 2911 do it, and some do not. I would say approx 10% of the ones we have deployed to date have had it.

thanks,

Matt_A

Matt_A

Thanks for posting the additional information. Yes it does look like the licenses are the same, and the IOS is the same, and the platform is the same. I still believe that there is some difference which causes the aaa accounting commands to be shown in different format.

It is interesting to know that if you remove and re-add the aaa commands that the router with multi line output will then use single line output.

I have felt  though the entire discussion that the difference was some cosmetic thing in the parser which displays the config and not some functional different in behavior.

HTH

Rick