[RADIATOR] Cisco NX-OS TACACS+ problems

Alexander Hartmaier alexander.hartmaier at t-systems.at
Fri Oct 11 03:38:07 CDT 2013


Hi,
our switching guys reported that their Cisco Nexus switches running NX-OS log that their can't reach the tacacs servers. This is what the troubleshooting brought up:

2013 Oct 11 08:47:37.061 sgv20s %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond

149) Event:E_MTS_TX, length:60, at 60683 usecs after Fri Oct 11 08:47:37 2013
    [RSP] Opc:MTS_OPC_TACACS_AAA_REQ(8421), Id:0X0A287795, Ret:SUCCESS
    Src:0x00000501/112, Dst:0x00000501/111, Flags:None
    HA_SEQNO:0X00000000, RRtoken:0x0A287778, Sync:UNKNOWN, Payloadsize:26
    Payload:
    0x0000:  01 03 01 00 3b a2 66 be 00 00 00 00 00 02 00 00


150) Event:E_MTS_RX, length:60, at 46447 usecs after Fri Oct 11 08:47:37 2013
    [REQ] Opc:MTS_OPC_TACACS_AAA_REQ(8421), Id:0X0A287778, Ret:SUCCESS
    Src:0x00000501/111, Dst:0x00000501/0, Flags:None
    HA_SEQNO:0X00000000, RRtoken:0x0A287778, Sync:UNKNOWN, Payloadsize:371
    Payload:
    0x0000:  01 03 0c 00 00 00 00 00 00 00 00 00 00 00 02 00


According to Cisco the accounting responses from Radiator (version 4.11 with patches revision 1.1530) contain errors:

Accounting Statistics
        failed transactions: 1865
        successful transactions: 0
        requests sent: 1865
        requests timed out: 4
        responses with no matching requests: 0
        responses not processed: 0
        responses containing errors: 1861


Did someone else notice these problems? Authentication works without any problems.

--
Best regards, Alexander Hartmaier

T-Systems Austria GesmbH
TSS Security Services
Network Security & Monitoring Engineer

phone: +43(0)57057-4320
fax: +43(0)57057-954320



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20131011/bffd61af/attachment.html 


More information about the radiator mailing list