BugZero | Cisco BugID CSCuy81189 - AAA syntax/CLI changes in 7.0.x effectively removi...

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Last updated on October 14th, 2023

BugZero Risk Score
7.8 High

Overall: 7.8

Severity: 8.2

Lifecycle: 9.1

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 75

Description

Symptom

After upgrade from 6.0.2.U6.5b to 7.0.3.I2.2b, AAA seems to be not functioning as expected using TACACS on back end. N3K-C3048# show run Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10) N3K-C3048# show hardware Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10) Also, "show run aaa" will have the following missing commands: aaa authentication login default group local aaa authentication login console group local

Conditions

Upgrading from 6.0(2)x to 7.x train.

Workaround

Workaround #1 - If pre-upgrade: + Before upgrading - Reconfigure the command to not include "local" as this is the default mode. aaa authentication login default TACACS aaa authentication login console TACACS + This ensures the commands do not get cleared from the running-configuration upon upgrading. Wrokaround #2 - If post-upgrade: + If workaround #1 was not applied and the commands are no longer present then: Re-add the aaa commands without "local." This is the default and the syntax has changed in 7.0.x: aaa authentication login default TACACS aaa authentication login console TACACS

Further Problem Description

This is seen with any upgrade from 6.0.2 to 7.0.x

Change history

2023-10-14 Added: 7.0(3)I2(4), 7.0(3)I4(1)

Top Cisco Defects

9.7Defect ID: CSCvd48893
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
9.7Defect ID: CSCwe01579
Cat9800 wncd reload while creating an RRM Client Coverage on large scale setup
9.7Defect ID: CSCwc66646
Unexpected Reload due to Segmentation Fault in the CCSIP_SPI_CONTROL process
9.7Defect ID: CSCwf08698
Cat9k Crashes Unexpectedly due to a Fault in the 'TLSCLIENT_PROCESS'
9.7Defect ID: CSCvp36425
Cisco ASA & FTD Software Cryptographic TLS and SSL Driver Denial of Service Vulnerability

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Cisco - Defect ID: CSCuy81189

AAA syntax/CLI changes in 7.0.x effectively removing configuration

Last updated on October 14th, 2023

BugZero Risk Score7.8 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
7.8 High