[Lesson Learned] Nexus & ISE TACACS+ Issue

Problem:

Problem when configuring TACACS Services for Nexus 7k device and ISE as TACACS Service.
Already configured referring this document.
When attempting to configure any tacacs command, there is error message appeared:

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)

Problem Verification:

  1. Getting error “Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=17(0x11)” every time we  change command on CLI
  2. Cannot save the configuration to switch

Additional Information

  1. Authorization configured with ISE and there were no fall-back configured on the non-working switch; however, we had another working switch which had the fall-back configured for authorization.
  2. Checked the ISE logs and authorization was succeeding.

Troubleshooting Process

  1. Perform several show command to switch to check the RAID status info on switches
  2. Backup all VDC’s config via tftp
  3. Reload switches

Detailed Solution

  1. Perform several show command to switch

    0xc3 tells that both primary and secondary had failed.
    The only way to recover this situation is by backing up the configuration and reload the whole chassis.

    Resolution:
    Copy the running config to a FTP or USB. Please take backup from all the VDC’s and then reload the chassis. Scenario matches Scenario B.

  2. TAC suggested to reload switch as workaround and upgrade OS to 6.2.16 which is recommended.
  3. Backup all configuration on all VDC of the switches, including show vlan brief and show run to tftp
  4. Reload the switches

Notes:

There is a chance that all config on all VDC erased, so it’s a best practice to save all VDC configs to tftp server

Ilhampst March 10, 2017

journal / nexus / tacacs / troubleshoot /

[Study Notes] Learning Methodology – 2
Menghitung IP Address Cara Praktis

Leave a Reply

Your email address will not be published / Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.