Invalid AUTHEN/START packet

[Matt]

Having difficulty getting this working with some of my older switches, specifically Cisco 3548XL's running IOS 12.0.  Attempting to authenticate to the TACACS+ server fails and local logins are forced.  The debug output of the switch shows the following:

45w1d: TAC+: send AUTHEN/START packet ver=192 id=2100799092

45w1d: TAC+: Opening TCP/IP to X.X.X.X/49 timeout=5

45w1d: TAC+: Opened TCP/IP handle 0x6E23E4 to X.X.X.X/49

45w1d: TAC+: periodic timer started

45w1d: TAC+: X.X.X.X req=46F448 id=2100799092 ver=192 handle=0x6E23E4 (ESTAB) expire=5 AUTHEN/START/LOGIN/ASCII queued

45w1d: TAC+: X.X.X.X ESTAB 46F448 wrote 35 of 35 bytes

45w1d: TAC+: X.X.X.X ESTAB read=12 wanted=12 alloc=12 got=12

45w1d: TAC+: X.X.X.X ESTAB read=45 wanted=45 alloc=45 got=33

45w1d: TAC+: X.X.X.X received 45 byte reply for 46F448

45w1d: TAC+: req=46F448 id=2100799092 ver=192 handle=0x6E23E4 (ESTAB) expire=4 AUTHEN/START/LOGIN/ASCII processed

45w1d: TAC+: periodic timer stopped (queue empty)

45w1d: TAC+: Closing TCP/IP 0x6E23E4 connection to X.X.X.X/49

45w1d: AAA/AUTHEN (2100799092): status = ERROR

45w1d: AAA/AUTHEN/START (2100799092): Method=LOCAL

45w1d: AAA/AUTHEN (2100799092): status = GETUSER

The syslog of the TACACS+ server shows:

May 23 10:52:41 hostname tac_plus[9064]: a2/74e30d99: Error X.X.X.X (null): Invalid AUTHEN/START packet

May 23 10:52:41 hostname tac_plus[9064]: Error X.X.X.X (null): Invalid AUTHEN/START packet

Newer versions of IOS work with no issues.  I have downloaded an updated IOS version for the 3548's but it's still version 12.0.  

Thanks.

[Marc Huber]

Hi Matt,

On 23.05.14 17:03, Matt wrote:

The syslog of the TACACS+ server shows:

May 23 10:52:41 hostname tac_plus[9064]: a2/74e30d99: Error X.X.X.X (null): Invalid AUTHEN/START packet

May 23 10:52:41 hostname tac_plus[9064]: Error X.X.X.X (null): Invalid AUTHEN/START packet

please retry with "debug = PACKET". 

Cheers,

Marc