
AAA (TACACS) Source Interface

Brandon James
Level 1

My question is this... What does TACACS/AAA use as its default source interface?

I have a 4500 switch that is configured to authenticate through an ACS server with TACACS. The device is remote and I do not have the ability to access and enter the source interface command to specifically identify the source interface.

I know of four interfaces (all VLANs) on the device and have added each into the ACS server but the device still fails to authenticate. After reviewing the config that the local admin used, the "local" option was not added after the TACACS group so currently I have no access and the local site admin is not available to physically assist.

I initially thought it might be similar to how a ping/ICMP is sourced, from the outgoing interface. I have been unable to confirm this in Cisco documentation. If it is perhaps the interface with the highest IP address this might identify my problem, as the VLAN with the highest IP (assuming there are only the 4 known VLANs) is having a routing issue.

Thanks for any help that you may be able to provide; pointing me to Cisco documentation would help me the most so I can perhaps learn some other ins and outs while reading. I've spent a couple of hours so far searching, with the nearest find stating that if you remove the source interface command it results back to the default...

Thanks,

Brandon

1 Reply

Leonardo Gama
Level 1

Hi Brandon,

As far as I know, the router uses the IP address from the outgoing interface, so I suggest you double-check the key configured (it may have spaces, for example). It is a common issue.

Are you able to check ACS logs or perhaps run tcpdump on the server in order to confirm?

Cheers.
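The tcpdump check suggested in the reply can be turned into a quick comparison of the addresses the switch actually sources TACACS+ from against the AAA clients defined on the server. This is an added example, not part of the original thread. The function names, the documentation-range addresses and the sample capture lines are constructed, and it assumes the capture was taken on the server as text with `tcpdump -nn tcp port 49`.

```shell
#!/bin/sh
# Added example: summarise which source addresses attempt TACACS+ (TCP/49)
# connections, and whether each one is defined as an AAA client.
# Usage: tcpdump -nn tcp port 49 | tacacs_sources "<space-separated client IPs>"

tacacs_sources() {
    awk -v clients="$1" '
        BEGIN {
            n = split(clients, c, " ")
            for (i = 1; i <= n; i++) known[c[i]] = 1
        }
        # tcpdump -nn line layout: TIME IP SRC.PORT > DST.PORT: Flags [S], ...
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)
            if (dst !~ /\.49$/) next            # only traffic sent to port 49
            if ($0 !~ /Flags \[S\]/) next       # only initial SYNs, not SYN-ACKs
            src = $3; sub(/\.[0-9]+$/, "", src) # strip the source port
            seen[src]++
        }
        END {
            for (s in seen)
                printf "%s %d %s\n", s, seen[s],
                       ((s in known) ? "configured" : "NOT-configured")
        }
    ' | LC_ALL=C sort
}

# Constructed sample capture (documentation addresses, not real hosts):
# 192.0.2.10 stands in for the ACS server, 198.51.100.x for switch VLAN IPs.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 198.51.100.65.51234 > 192.0.2.10.49: Flags [S], seq 1, win 4128, length 0
12:00:04.100000 IP 198.51.100.65.51234 > 192.0.2.10.49: Flags [S], seq 1, win 4128, length 0
12:00:05.000000 IP 198.51.100.1.40000 > 192.0.2.10.49: Flags [S], seq 9, win 4128, length 0
12:00:05.000100 IP 192.0.2.10.49 > 198.51.100.1.40000: Flags [S.], seq 5, ack 10, win 8192, length 0
12:00:06.000000 IP 198.51.100.65.22000 > 192.0.2.10.22: Flags [S], seq 3, win 4128, length 0
EOF
}

# Output columns: source address, SYN count, client status.
sample_capture | tacacs_sources "198.51.100.1"
```

A source marked `NOT-configured` is an address the server sees but has no client entry for; if every source is `configured` and authentication still fails, the shared key is the next thing to check, as the reply suggests.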
