[c-nsp] SXI(3) code status?
Mark Tinka
mtinka at globaltransit.net
Wed Nov 18 06:01:58 EST 2009
On Wednesday 18 November 2009 06:40:39 pm Daniska, Tomas
wrote:
> Which one that was? We've been hit by a bug when using
> TAC+ out of a VRF. Initial user authentication is OK, but
> the subsequent enable auth outgoing packets do not have
> the proper VRF set and go out the GRT instead. Funny
> enough, the return packet returns via the VRF and the box
> eats it.
In our case, using TACACS+ also, initial user
authentications works fine, but the switch refuses to
authenticate against the regular enable password and instead
chooses the fallback password.
In all honesty, we didn't debug this for too long because we
only have 4 units in operation (core), were too busy with
other stuff, and we could just work around it by adjusting
RANCID's .cloginrc details (which were the most important).
The issue is fixed in SXI2a (perhaps even earlier, in later
versions post SXH3), and we didn't do anything to our
TACACS+ backend.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20091118/736b29dd/attachment.bin>
More information about the cisco-nsp
mailing list