Symptom
After upgrading from 6.0.2.U6.5b to 7.0.3.I2.2b, AAA does not function as expected when TACACS is used on the back end.
N3K-C3048# show run
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
N3K-C3048# show hardware
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
Also, the following commands will be missing from the "show run aaa" output:
aaa authentication login default group local
aaa authentication login console group local
Conditions
Upgrading from 6.0(2)x to 7.x train.
Workaround
Workaround #1 - If pre-upgrade:
+ Before upgrading - Reconfigure the command to not include "local" as this is the default mode.
aaa authentication login default TACACS
aaa authentication login console TACACS
+ This ensures the commands do not get cleared from the running-configuration upon upgrading.
Workaround #2 - If post-upgrade:
+ If workaround #1 was not applied and the commands are no longer present, then:
Re-add the aaa commands without "local". This is the default and the syntax has changed in 7.0.x:
aaa authentication login default TACACS
aaa authentication login console TACACS
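
An added example, not part of the original bug note or any Cisco tooling: a Python check over saved "show run aaa" output that flags login lines carrying "local" before the upgrade and reports which login lines disappeared afterwards. The pre-upgrade sample is the two lines quoted under Symptom; the post-upgrade samples and all function names are constructed for illustration.

```python
import re

# Matches only the two login method lines this bug affects (default and console).
LOGIN_RE = re.compile(r"^\s*aaa authentication login (default|console)\b(.*)$")

def login_lines(config_text):
    """Return {scope: [method tokens]} for each 'aaa authentication login' line."""
    found = {}
    for line in config_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2).split()
    return found

def pre_upgrade_at_risk(config_text):
    """Scopes whose login line includes the explicit 'local' keyword,
    i.e. the lines the note says to reconfigure before upgrading."""
    return sorted(s for s, toks in login_lines(config_text).items() if "local" in toks)

def dropped_after_upgrade(pre_text, post_text):
    """Scopes configured before the upgrade but absent from the config afterwards."""
    return sorted(set(login_lines(pre_text)) - set(login_lines(post_text)))

# Pre-upgrade sample: the two lines quoted under Symptom.
PRE = """\
aaa authentication login default group local
aaa authentication login console group local
"""

# Constructed post-upgrade sample: the login lines are gone.
POST_BROKEN = """\
feature tacacs+
aaa group server tacacs+ TACACS
"""

# Constructed post-upgrade sample after applying workaround #2.
POST_FIXED = POST_BROKEN + """\
aaa authentication login default TACACS
aaa authentication login console TACACS
"""

if __name__ == "__main__":
    print("reconfigure before upgrade:", pre_upgrade_at_risk(PRE))
    print("dropped by upgrade:", dropped_after_upgrade(PRE, POST_BROKEN))
    print("still dropped after workaround #2:", dropped_after_upgrade(PRE, POST_FIXED))
```

Comparing against the pre-upgrade capture matters because a switch that never had these lines configured will also show none, and that is not this bug.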
Further Problem Description
This is seen with any upgrade from 6.0.2 to 7.0.x.