BugZero | Cisco BugID CSCuy81189 - AAA syntax/CLI changes in 7.0.x effectively removi...

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCuy81189 - AAA syntax/CLI changes in 7.0.x effectively removi...

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Last updated on October 14th, 2023

BugZero Risk Score
7.8 High

Overall: 7.8

Severity: 8.2

Lifecycle: 9.1

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

After upgrade from 6.0.2.U6.5b to 7.0.3.I2.2b, AAA seems to be not functioning as expected using TACACS on back end. N3K-C3048# show run Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10) N3K-C3048# show hardware Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10) Also, "show run aaa" will have the following missing commands: aaa authentication login default group local aaa authentication login console group local

Conditions

Upgrading from 6.0(2)x to 7.x train.

Workaround

Workaround #1 - If pre-upgrade: + Before upgrading - Reconfigure the command to not include "local" as this is the default mode. aaa authentication login default TACACS aaa authentication login console TACACS + This ensures the commands do not get cleared from the running-configuration upon upgrading. Wrokaround #2 - If post-upgrade: + If workaround #1 was not applied and the commands are no longer present then: Re-add the aaa commands without "local." This is the default and the syntax has changed in 7.0.x: aaa authentication login default TACACS aaa authentication login console TACACS

Further Problem Description

This is seen with any upgrade from 6.0.2 to 7.0.x

Change history

2023-10-14 Added: 7.0(3)I2(4), 7.0(3)I4(1)

Top Cisco Defects

9.7Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.7Defect ID: CSCwe01579
Cat9800 wncd reload while creating an RRM Client Coverage on large scale setup
9.7Defect ID: CSCwj73634
Full or partial 9800 configuration loss after HA SSO failover
9.7Defect ID: CSCwj74769
After [non]pairwise key enabling and reboot, bfd ip and port mismatch on device.
9.7Defect ID: CSCwh87343
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Last updated on October 14th, 2023

BugZero Risk Score7.8 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
7.8 High