Cisco Cisco Packet Data Interworking Function (PDIF) Notas De La Versión
System Changes in Release 15.0
System and Platform Enhancements for February 17, 2014 ▀
Cisco ASR 5x00 Release Change Reference ▄
593
System and Platform Enhancements for February 17, 2014
This section identifies all of the system enhancements included in this release:
Feature Changes - new or modified features or behavior changes. For details, refer to the System Administration Guide
for this release.
for this release.
Command Changes - changes to any of the CLI command syntax. For details, refer to the Command Line Interface
Reference for this release.
Reference for this release.
Performance Indicator Changes - new, modified, and deprecated bulk statistics, disconnect reasons, counters and/or
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
CSCui80584 - ‘rem_addr’ is not being sent by the ASR to ACS
Applicable Products: All
Feature Changes
Sending rem_addr Field in TACACS+ Login Requests
A Cisco Secure ACS server can be configured to explicitly check the NAS source address for TACACS+ connections.
The ASR 5x00 may not properly set the rem_addr field in the TACACS+ protocol packet when initiating a connection
with the Cisco Secure ACS server. This may cause the Cisco Secure ACS server to reject the TACACS+ login request.
The ASR 5x00 may not properly set the rem_addr field in the TACACS+ protocol packet when initiating a connection
with the Cisco Secure ACS server. This may cause the Cisco Secure ACS server to reject the TACACS+ login request.
Important:
The default behavior is to not fill in the rem_addr field.
A new CLI command enables the setting and sending of the remote address to the IPv4 address associated with the local
context management interface for customers who require this field to be verified via the Cisco Secure ACS server.
context management interface for customers who require this field to be verified via the Cisco Secure ACS server.
When enabled the rem_addr field contains the ssh client IP address in ASCII form. If the IP address cannot be retrieved,
the length is set to zero.
the length is set to zero.
Previous Behavior: Do not send the rem_addr field in TACACS+ protocol.
New Behavior: Send the rem_addr field in TACACS+ protocol for use by a Cisco Secure ACS server.
Customer Impact: Customers that perform user authentication with NAR filtering must enable this protocol option.
Command Changes
rem_addr client-ip
This is a new command in the TACACS+ Configuration mode.
configure
tacacs modevariable
[ default | no ] rem_Addr client-ip variable