[tac_plus] seeing lots of Read -1 bytes from router.example.net , expecting 12

heasley heas at shrubbery.net
Mon Jun 4 21:35:32 UTC 2012


Mon, Jun 04, 2012 at 05:06:39PM -0400, Asif Iqbal:
> On Mon, Jun 4, 2012 at 4:58 PM, heasley <heas at shrubbery.net> wrote:
> 
> > Sat, Jun 02, 2012 at 02:07:57PM -0400, Asif Iqbal:
> > > How do I verify if those are keep-alive requests? This URL suggests I am
> > > experiencing those keep-alive
> > > chats
> > >
> > >  http://blog.xbsd.org/2010/10/20/cisco-css-and-tacacs
> > >
> > > I have thousands of routers. It would be a lot of work to add the disable
> > > in all of them.
> > > Is there maybe another approach to this, short of ignoring this massive
> > > amount of noise?
> >
> > There is no "tacacs keepalive" msg.  This is a timeout; i.e. the router
> > connects, then does not proceed with the auth process before the tacacs
> > server times out the session.
> >
> 
> Any suggestion how to fix this? We were using F4.0.4 on Solaris 8 and do
> not remember seeing these errors.

I don't know what that config knob in the URL you posted does, but try it.

But it's more likely what others have suggested: probing attempts, either
to the router or directly to the daemon.  You could use tcp_wrapper to block
that, or IP filters.

Or it could be your router config for tacacs, such as using single-connection,
or a change in the router code, which you'd have to debug.
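As an added example (not code from the thread or from the tac_plus project), a small Python script that parses tac_plus syslog lines carrying this error and tells a steady trickle from a managed router apart from a burst from an unknown source. The syslog prefix format and the sample lines are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed tac_plus syslog sample; the prefix (timestamp, host,
# "tac_plus[pid]:") is an assumption, the message matches the thread's error.
SAMPLE_LOG = """\
Jun  4 17:06:39 tacsrv tac_plus[1234]: Read -1 bytes from router.example.net , expecting 12
Jun  4 17:06:41 tacsrv tac_plus[1234]: Read -1 bytes from router.example.net , expecting 12
Jun  4 17:06:42 tacsrv tac_plus[1234]: Read -1 bytes from 192.0.2.77 , expecting 12
Jun  4 17:06:43 tacsrv tac_plus[1234]: login query for 'ops' from rtr2.example.net accepted
Jun  4 17:06:44 tacsrv tac_plus[1234]: Read -1 bytes from 192.0.2.77 , expecting 12
Jun  4 17:06:45 tacsrv tac_plus[1234]: Read -1 bytes from 192.0.2.77 , expecting 12
Jun  4 17:06:46 tacsrv tac_plus[1234]: Read -1 bytes from 192.0.2.77 , expecting 12
"""

# "Read -1 bytes ... expecting 12": TCP opened, then EOF arrived before the
# 12-byte TACACS+ packet header was ever sent (the timeout described above).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ tac_plus\[\d+\]: "
    r"Read -1 bytes from (?P<src>\S+) , expecting 12$"
)


def parse_short_reads(text):
    """Return (timestamp, source) pairs for every short-read line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # syslog timestamps carry no year; 1900 is fine for time deltas
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            events.append((ts, m.group("src")))
    return events


def classify_sources(events, burst_count=3, burst_window_s=5):
    """Per source: total short reads and whether burst_count of them fell
    within burst_window_s seconds. A trickle from a managed router points at
    router config or code; a burst from an unknown address looks like probing."""
    by_src = {}
    for ts, src in events:
        by_src.setdefault(src, []).append(ts)
    result = {}
    for src, stamps in by_src.items():
        stamps.sort()
        burst = any(
            (stamps[i + burst_count - 1] - stamps[i]).total_seconds() <= burst_window_s
            for i in range(len(stamps) - burst_count + 1)
        )
        result[src] = {"count": len(stamps), "burst": burst}
    return result
```

Feed it the real log with `classify_sources(parse_short_reads(open(path).read()))` and compare the flagged sources against your router inventory before reaching for tcp_wrapper or filters.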

