cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7542
Views
5
Helpful
5
Replies

"ip tacacs source-interface" command not working

mjmnetsec
Beginner
Beginner

I have a C-3750 L3 switch that's part of a project to get ACS-based authentication configured, and while I'm able to get most of the devices working, this one switch won't take the ip tacacs source-interface command. Can someone confirm whether this is an IOS issue?:

---C-3750-a(config)#ip tacacs source-interface loopback0

                                 ^

% Invalid input detected at '^' marker.

Current IOS on the device:

Switch Ports Model              SW Version            SW Image                

------ ----- -----              ----------            ----------              

*    1 28    WS-C3750G-24PS     12.2(44)SE            C3750-ADVIPSERVICESK9-M 

     2 28    WS-C3750G-24PS     12.2(44)SE            C3750-ADVIPSERVICESK9-M 

--

Thanks!

2 Accepted Solutions

Accepted Solutions

Abha Jha
Cisco Employee
Cisco Employee

Its a bug:-

CSCsm28901

"ip tacacs source-interface" command missing in 12.2.44SE.

Please move to another IOS.

View solution in original post

Jatin Katyal
Cisco Employee
Cisco Employee

Since this is a known defect because ip tacacs source-interface" isn't available globally, you should be able to include it in a group configuration, for example:

tacacs-server host key

aaa group server tacacs+ TAC

server

ip tacacs source-interface

aaa authentication login default group TAC local

Let me know if you have any further queries.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

View solution in original post

5 Replies 5

Abha Jha
Cisco Employee
Cisco Employee

Its a bug:-

CSCsm28901

"ip tacacs source-interface" command missing in 12.2.44SE.

Please move to another IOS.

Instead of using the ip tacacs source-interface Loopback0 command in the global config mode, specify the source interface in the server group-

 

Example - 

aaa group server tacacs+ TACACS+_ISE
server-private <server IP> key <key>

ip tacacs source-interface Loopback0

Jatin Katyal
Cisco Employee
Cisco Employee

Since this is a known defect because ip tacacs source-interface" isn't available globally, you should be able to include it in a group configuration, for example:

tacacs-server host key

aaa group server tacacs+ TAC

server

ip tacacs source-interface

aaa authentication login default group TAC local

Let me know if you have any further queries.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Thanks for confirming the fact that this is a bug. The workaround worked just fine. Thank you.

Uw. Thanks for updating/closing the thread.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers