21 May, 2013

Tacacs name-lookup warning


sh logg gives the same warning every 60-62 minutes on a Nexus 5548 switch:

r6k4-5548 %TACACS-4-TACACS_WARNING: Problem during name-lookup. Error:-2(host nor service provided, or not known)
r6k4-5548 last message repeated 1 time

debu tacacs+ all shows the following output during the next occurrence of the warning:



2013 May 21 10:04:09.842155 tacacs: tacacs_reverse_lookup(257):Got the DCOS_CONTEXT:2.
2013 May 21 10:04:09.842168 tacacs: tacacs_reverse_lookup(279):calling getaddrinfo with rem_addr:fe80:0:0:0:250:56ff:feb0:68%2.
2013 May 21 10:04:09.842181 tacacs: cache id = fe80:0:0:0:250:56ff:feb0:68%2:0:1
2013 May 21 10:04:09.842263 tacacs: serv_id: fe80:0:0:0:250:56ff:feb0:68%2:0:1
2013 May 21 10:04:09.842597 tacacs: check_local_cache(1522):Returning NULL res as there  is no match found in procjob_data_list(local_cache).
2013 May 21 10:04:09.842632 tacacs: Exiting: check_local_cache , Line : 1523
2013 May 21 10:04:09.842649 tacacs: server not found and no async-job for this server.. resolving with timeout 3 secs
2013 May 21 10:04:09.856803 tacacs: Entering : resolve_server_hostname : Line : 1380
2013 May 21 10:04:09.856869 tacacs: resolve_server_hostname : server_addr_info 0x81de324
2013 May 21 10:04:09.856951 tacacs: resolve_server_hostname : fe80:0:0:0:250:56ff:feb0:68%2 service : 0 vrf : 1
2013 May 21 10:04:09.857878 tacacs:  resolve_server_hostname failure : host nor service provided, or not known
2013 May 21 10:04:09.857941 tacacs: Exiting: resolve_server_hostname , Line : 1406
2013 May 21 10:04:10.866188 tacacs: getaddrinfo_async_n7k(1144):procjob_fork_fp:syserr:0x0 ret_syserr:0xfffffffe str(syserr): SUCCESS
2013 May 21 10:04:10.866243 tacacs: getaddrinfo_async_n7k(1270):Job Completed Successfully for server:fe80:0:0:0:250:56ff:feb0:68%2 but unable to resolve
2013 May 21 10:04:10.866281 tacacs: getaddrinfo_async_n7k(1277):Returning NULL res!!!ASSERT ASSERT ASSERT.
2013 May 21 10:04:10.866333 tacacs: tacacs_reverse_lookup(356):Failed to get the host addr, using the hostname. Error(host nor service provided, or not known), ignoring..



Solution: The IPv6 link-local address belongs to the Cisco DCNM server (running RHL5.5) that manages the switch over SNMPv3 and SSH. Disabling the IPv6 stack on the server solved the problem.

To investigate further: why is the switch trying to reverse-lookup the name of the DCNM server?
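
To identify which host such a warning refers to, the address can be pulled out of the debug output and examined offline. The following is an added example, not part of the original post: it extracts each address whose reverse lookup failed, flags IPv6 link-local addresses, and recovers the MAC address from a modified EUI-64 interface ID. The function names are assumptions of this example, and the sample lines are copied from the debug output above.

```python
import ipaddress
import re

# Constructed sample: three lines copied from the debug output in this post.
SAMPLE = """\
2013 May 21 10:04:09.842168 tacacs: tacacs_reverse_lookup(279):calling getaddrinfo with rem_addr:fe80:0:0:0:250:56ff:feb0:68%2.
2013 May 21 10:04:09.857878 tacacs:  resolve_server_hostname failure : host nor service provided, or not known
2013 May 21 10:04:10.866333 tacacs: tacacs_reverse_lookup(356):Failed to get the host addr, using the hostname. Error(host nor service provided, or not known), ignoring..
"""

REM_ADDR = re.compile(r"tacacs_reverse_lookup\(\d+\):calling getaddrinfo with rem_addr:(\S+)")
FAILED = "Failed to get the host addr"


def eui64_mac(ip):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    if ip.version != 6:
        return None
    iid = ip.packed[8:]                  # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":          # EUI-64 inserts ff:fe in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)


def failed_lookups(log_text):
    """Return one record per reverse lookup that the log shows failing."""
    records, pending = [], None
    for line in log_text.splitlines():
        m = REM_ADDR.search(line)
        if m:
            pending = m.group(1).rstrip(".")   # the log ends the address with '.'
        elif pending and FAILED in line:
            addr, _, zone = pending.partition("%")  # text after '%' is the zone index
            ip = ipaddress.ip_address(addr)
            records.append({
                "address": str(ip),
                "zone": zone,
                "link_local": ip.is_link_local,
                "mac": eui64_mac(ip),
            })
            pending = None
    return records


if __name__ == "__main__":
    for rec in failed_lookups(SAMPLE):
        print(rec)
```

For the address in this post the recovered MAC is 00:50:56:b0:00:68, which can be matched against the switch's MAC address table or the server's NIC. The 00:50:56 prefix is a VMware OUI.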

4 comments:

  1. Did you solve the problem / find the reason for the warnings? I have the same stupid warnings on my 5548, but in my case the DCNM is turned off. So are there hidden references to the DCNM server?

    Kind Regards Steffen Webb

  2. Sorry, I haven't investigated further. Have you tried debugging tacacs as above? Is your case also related to an IPv6 address? Do you know which server's address it is trying to name-lookup?

  3. I will try to debug and dig down in my config to see why, combined with debug. If I find anything, I will post it :)

  4. Did you find anything debugging this?
