Mailing List Archive: Cisco: NSP

Metro Ethernet Switches

Index | Next | Previous | View Threaded

eng_mssk at hotmail

Nov 24, 2009, 5:32 AM

Post #1 of 6 (828 views)
Permalink

Metro Ethernet Switches

hey all

i have a cisco metro switch with IOS 12.2 35SE
when i upgraded the IOS image to 12.2 52 SE
the tacacs could not work well as it was in the previous image even though i had the same configuration
any thoughts ?

_________________________________________________________________
Keep your friends updated—even when you’re not signed in.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

ianh at ianh

Nov 24, 2009, 5:42 AM

Post #2 of 6 (786 views)
Permalink

Re: Metro Ethernet Switches [In reply to]

On Tue, 24 Nov 2009, Mohammad Khalil wrote:

> the tacacs could not work well as it was in the previous image even
> though i had the same configuration any thoughts ?

Try adding the plaintext key again ('tacacs-server key xxx'). I've seen
some IOS upgrades need it re-obfuscated to make it work. Just copy/pasting
the existing obfuscated key won't work.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

MatlockK at exempla

Nov 24, 2009, 6:48 AM

Post #3 of 6 (784 views)
Permalink

Re: Metro Ethernet Switches [In reply to]

Another thing to look at is the tacacs source-interface.

If you don't have it in there, tie it to a loopback.

If you do have it in there, verify the IP of the interface, and also try
removing it.

I've seen a few times after an upgrade that either removing it, or
adding it 'magically' fixed the problem.

Ken Matlock
Network Analyst
Exempla Healthcare
(303) 467-4671
matlockk [at] exempla

-----Original Message-----
From: cisco-nsp-bounces [at] puck
[mailto:cisco-nsp-bounces [at] puck] On Behalf Of Ian Henderson
Sent: Tuesday, November 24, 2009 6:43 AM
To: Mohammad Khalil
Cc: cisco-nsp [at] puck
Subject: Re: [c-nsp] Metro Ethernet Switches

On Tue, 24 Nov 2009, Mohammad Khalil wrote:

> the tacacs could not work well as it was in the previous image even
> though i had the same configuration any thoughts ?

Try adding the plaintext key again ('tacacs-server key xxx'). I've seen
some IOS upgrades need it re-obfuscated to make it work. Just
copy/pasting
the existing obfuscated key won't work.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

BBlackford at nwresd

Nov 24, 2009, 8:54 AM

Post #4 of 6 (804 views)
Permalink

Re: Metro Ethernet Switches [In reply to]

I recall having some of my aaa config options slightly changing syntax after upgrading. Sounds like you've verified this, but it may be worth double-checking.

-b

-----Original Message-----
From: cisco-nsp-bounces [at] puck [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Mohammad Khalil
Sent: Tuesday, November 24, 2009 5:32 AM
To: cisco-nsp [at] puck
Subject: [c-nsp] Metro Ethernet Switches

hey all

i have a cisco metro switch with IOS 12.2 35SE
when i upgraded the IOS image to 12.2 52 SE
the tacacs could not work well as it was in the previous image even though i had the same configuration
any thoughts ?

_________________________________________________________________
Keep your friends updated-even when you're not signed in.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

justin at justinshore

Nov 24, 2009, 3:11 PM

Post #5 of 6 (772 views)
Permalink

Re: Metro Ethernet Switches [In reply to]

Bill Blackford wrote:
> I recall having some of my aaa config options slightly changing syntax after upgrading. Sounds like you've verified this, but it may be worth double-checking.

I highly recommend using a tool like RANCID to keep an eye on config
changes, especially during upgrades. I didn't bother to check the
RANCID diff when I did an upgrade over the weekend and discovered a
problem yesterday (see NTP thread from yesterday). Had I stayed up and
reviewed the email notice I would have found the problem much sooner.
At the very least get a copy of Kiwi CatTools and run it before and
after an upgrade. It's a good sanity check.

Justin

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

eng_mssk at hotmail

Nov 25, 2009, 1:35 AM

Post #6 of 6 (765 views)
Permalink

Re: Metro Ethernet Switches [In reply to]

hi justin

thanks for the reply
actually i figured out what was the issue
it was due to entering 0 (unencrypted) or 7 (encrypted) :

> Date: Tue, 24 Nov 2009 17:11:17 -0600
> From: justin [at] justinshore
> To: BBlackford [at] nwresd
> CC: eng_mssk [at] hotmail; cisco-nsp [at] puck
> Subject: Re: [c-nsp] Metro Ethernet Switches
>
> Bill Blackford wrote:
> > I recall having some of my aaa config options slightly changing syntax after upgrading. Sounds like you've verified this, but it may be worth double-checking.
>
> I highly recommend using a tool like RANCID to keep an eye on config
> changes, especially during upgrades. I didn't bother to check the
> RANCID diff when I did an upgrade over the weekend and discovered a
> problem yesterday (see NTP thread from yesterday). Had I stayed up and
> reviewed the email notice I would have found the problem much sooner.
> At the very least get a copy of Kiwi CatTools and run it before and
> after an upgrade. It's a good sanity check.
>
> Justin
>
>
>
>

_________________________________________________________________
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads