- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2006 05:05 PM
Hello all,
I am trying to use the management interface of a CCS11501 as the source interface of any Tacacs+ authentication.
I have added a managment route for the subnet where the tacacas servers are but authentication is still going via circuit VLAN1.
It will not allow me to add a "normal" route due to the overlap with the management interface.
What I really want is a tacacs source interface equivalant.
Any and all help appreciated,
Andrew.
Solved! Go to Solution.
- Labels:
-
Application Networking
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2006 09:59 PM
Andrew,
The CSS management interface is not designed to be used for user traffic flow or for tacacs, radius, syslog, ntp etc. Therefore there is no way to force tacacs traffic to use this interface. Also there is no equivelent to "ip tacacs source-interface" in IOS.
The management interface was designed to be used only for telnet, ssh and web GUI access to the CSS.
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2006 09:59 PM
Andrew,
The CSS management interface is not designed to be used for user traffic flow or for tacacs, radius, syslog, ntp etc. Therefore there is no way to force tacacs traffic to use this interface. Also there is no equivelent to "ip tacacs source-interface" in IOS.
The management interface was designed to be used only for telnet, ssh and web GUI access to the CSS.
Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2006 04:44 AM
What version of the Content switch software are you running? I have utilized the management interface for tacacs from 1105x's to 1150x, If I just add the management route as you described it worked flawlessly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-12-2006 06:22 PM
Hello,
thanks for the reply and my apologies for the delay in replying.
Version details:
Version: sg0810002 (08.10.0.02)
Flash (Locked): 08.10.0.02
Flash (Operational): 08.10.0.02
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2006 08:48 AM
The 11500 will refuse to talk to a TACACS server that isn't on a directly attached network. If your TACACS server isn't on that same net, you can alter the netmask on the management interface to make it beleive it is directly attached. Combine that with a management-route and a network that will proxy-arp for your TACACS server and you are all set.
