
Question about TACACS source interface.

andrea.meconi
Level 2

Hello.

I'm reading more posts about the "ip tacacs source-interface".

I'm using a Catalyst 4503 with IOS version 12.2(44)SG1 configured to use vlan101's IP address as source address for the T+ request.

However, the switch continues to use another IP and authentication fails.

The source-interface command is set globally and for the AAA group.

Any ideas?

Thanks.

Regards.

Andrea

3 Replies

edwardcollins7
Level 1

Could you share the configuration you have?

There might be an existing defect on this?

Do post this on the switching board as well, they might have an idea.

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

Hello Edward!

aaa new-model
!
!
aaa group server tacacs+ CiscoSecureACS
 server 1.1.1.1
 server 1.1.1.2
 ip tacacs source-interface Vlan101
!
aaa authentication login default group CiscoSecureACS local
aaa authentication enable default group CiscoSecureACS enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group CiscoSecureACS local
aaa authorization commands 0 default group CiscoSecureACS local
aaa authorization commands 1 default group CiscoSecureACS local
aaa authorization commands 15 default group CiscoSecureACS local
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group CiscoSecureACS
aaa accounting commands 15 default start-stop group CiscoSecureACS
aaa accounting connection default start-stop group CiscoSecureACS
!
!
!
aaa session-id common
!
ip tacacs source-interface Vlan101
!
tacacs-server host 1.1.1.1 single-connection key 7 095841191809021C0A
tacacs-server host 1.1.1.2 single-connection key 7 061200314D421C1704
tacacs-server timeout 3
tacacs-server directed-request

Request from this switch comes from another IP interface....

Could you send a capture of the traffic in between, or provide me "debug tacacs+" and "debug aaa authentication"?

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed