[c-nsp] 12.2(33)SRB, ip tacacs command on 7604
Munroe, James (DSS/MAS)
James.Munroe at gnb.ca
Thu Sep 27 08:50:17 EDT 2007
SRB2 is scheduled to be released tomorrow...I'm also waiting on that
build :-)
-----Original Message-----
From: Justin Shore [mailto:justin at justinshore.com]
Sent: Wednesday, September 26, 2007 11:06 PM
To: Christian Bering
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 12.2(33)SRB, ip tacacs command on 7604
Christian Bering wrote:
>> aaa group server tacacs+ tacmethod
>> server-private x.x.x key 7 yyyyyy
>> ip tacacs source-interface Loopback0
>
> That worked for us but not until I removed the old parts:
>
> no tacacs-server host x.x.x.x
> no tacacs-server directed-request
> no tacacs-server key yyyy
This didn't fix it for us unfortunately.
> Crashed the router once while fiddling around with it but it got
> working.
We didn't crash but we had 99% CPU due to a TACACS bug that was
exasperated by the whole situation.
> But I have to recommend against SRB in a production environment. SRB1
> also. Wait for SRB2 if possible.
Unfortunately many of us service providers in the US are stuck in a
situation we we're legally required to run SRB or later to get a
specific feature, namely CALEA support.
Justin
More information about the cisco-nsp
mailing list