Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9
Opened: May 26, 2014
Related Article: K06504193
Duplicate TACACS user account handling might cause unexpected results.
Login might succeed for the local user with one role where it would not succeed for the remote user with a different role. This occurs when using substitution strings (essentially a placeholder string) instead of the actual value that matches the user account information.
Multiple accounts (one local and one remote) with different roles in the same partition. Normally, configuration data validation is performed at the configuration time. However, if TACACS variable substitution is used, this validation can only be performed at user login time.
Duplicate TACACS user account (local and remote) are now handled as expected.