cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1449
Views
0
Helpful
6
Replies
Highlighted
Beginner

IP address sent to TACACS server

Setup a TACACS server on out network to control console and telnet access to routers and switches. Most of our remote routers have multiple wan paths to the TACACS servers and may present a different IP address depending on which path is available or least busy. This causes an authentication failure that denies access to the equipment. Is there a way to configure the router to always send a specific address, either a loopback or internal LAN IP?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

IP address sent to TACACS server

you may also go through the below listed link

http://my.safaribooksonline.com/book/networking/cisco-ios/0596527225/tacacsplus/i85779__heada__4_7

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal

View solution in original post

6 REPLIES 6
Highlighted
Cisco Employee

IP address sent to TACACS server

yes.

ip tacacs source-interface interface/vlan id

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
Highlighted
Cisco Employee

IP address sent to TACACS server

you may also go through the below listed link

http://my.safaribooksonline.com/book/networking/cisco-ios/0596527225/tacacsplus/i85779__heada__4_7

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal

View solution in original post

Highlighted
Cisco Employee

IP address sent to TACACS server

Did you get that working with the above suggested command?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
Highlighted
Beginner

IP address sent to TACACS server

Thank you. That worked!

Highlighted
Cisco Employee

IP address sent to TACACS server

Thanks for updating the thread.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
Highlighted
Contributor

IP address sent to TACACS server

Hi

FYI,


Device  Filter—Filters a network device (AAA client) that acts as a Policy  Enforcement Point (PEP) to the end station based on the network device's  IP address or name, or the network device group that it belongs to.

The  device identifier can be the IP address or name of the device, or it  can be based on the network device group to which the device belongs.

The  IP address is a protocol-agnostic attribute of type IPv4 that contains a  copy of the device IP address obtained from the request:

–In a RADIUS request, if Attribute 4 (NAS-IP-Address) is present,  ACS obtains the IP address from Attribute 4; otherwise, if Attribute 32  (NAS-Identifier) is present, ACS obtains the IP address from Attribute  32, or it obtains the IP address from the packet that it receives.

–In a TACACS request, the IP address is obtained from the packet that ACS receives.