Symptom
Tacacs-server key is missing from the startup-config after downgrade in Nexus 3K.
Conditions
Issue is seen while downgrading the software image from 9.3.3 and 9.3.4 release.
Reproduced while downgrading from
9.3.4 to 9.2.4
9.3.3 to 9.2.4
9.3.4 to 9.3.1
Workaround
Re-configuring only the tacacs-server key is not effective after downgrade.
Instead, the following workarounds are effective:
Workaround 1:
1. Remove the tacacs-source interface using "no ip tacacs-source interface ".
2. This triggers the tacacs-server key command to be repopulated automatically in the running-config.
3. Reconfigure the tacacs-source interface using "ip tacacs-source interface ".
4. Save the running config to startup-config using "copy run start"
Workaround 2:
1. Configure key 0 command - "tacacs-server key 0 ""
2. Remove key 0 command - "no tacacs-server key 0 ""
3. Configure key 7 command - "tacacs-server key 7 ""
4. Save the running config to startup-config using "copy run start"
Further Problem Description
While downgrading Nexus 3K from 9.3.4 to 9.2.4, tacacs-server key is missing from the startup-config and hence, not applied after the downgrade is complete.
Re-adding the tacacs-server key line is also not effective.
Refer to workaround for details.
Note: Issue is seen while downgrading from 9.3.3 and 9.3.4 release.
Eg:
In version 9.3.4:
show startup-config tacacs
version 9.3(4) Bios:version 05.40
feature tacacs+
tacacs-server key 7 "xxxxx"
ip tacacs source-interface mgmt0
tacacs-server host
aaa group server tacacs+ TACACS
server
In version 9.2.4:
show startup-config tacacs
version 9.2(4) Bios:version 05.40
feature tacacs+
>>>>tacacs-server key config missing after downgrade
ip tacacs source-interface mgmt0
tacacs-server host
aaa group server tacacs+ TACACS
server
