TACACS+ client side port range

helm123
Level 1

The ACS appliance talks to the AAA client on the standard TACACS+ port 49, destined for port 11xxx on the AAA client. The client then replies to the ACS appliance from that same 11xxx port, destined for port 49 on the ACS appliance. Does anyone know the port range the AAA client uses to respond to the ACS appliance?

2 Replies

darpotter
Level 5

Isn't it the other way around?

The T+ AAA server listens on port 49, and replies back to the AAA client (presumably an IOS device).

If there is no specific option in IOS to restrict local port ranges, then you'd have to assume that any local port could be used.

Darran

Actually, you can see via Ethereal that the AAA client, a Cisco 2950, initiates the traffic to the ACS from port 11098, destined for port 49 on the ACS. The ACS then responds from port 49, destined for port 11098 on the Cisco 2950.

But you are completely right about the port range. The AAA client uses any local port it wants to start the AAA process between itself and the ACS.

I was just wondering if there was any way in IOS to hard-set this port range to help limit the filters applied to a series of Gauntlet firewalls.
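An added example (not from this thread or from Cisco) that models the flow the replies describe: the AAA client opens from an ephemeral port to the ACS on TCP/49 and the ACS answers from 49 back to that port. It contrasts the wide stateless return rule you are forced into when the client port range cannot be pinned with a stateful check that admits replies only to ports the client actually opened. Addresses and the sample packets are constructed.

```python
from dataclasses import dataclass

TACACS_PORT = 49
CLIENT = "192.0.2.10"   # constructed address for the Cisco 2950 (AAA client)
SERVER = "192.0.2.20"   # constructed address for the ACS (TACACS+ server)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed flow: the 2950 opens from ephemeral port 11098 to ACS:49, the ACS
# replies from 49 to 11098, then an unsolicited packet from ACS:49 to a port the
# client never opened (what a stateless "any port" return rule cannot reject).
SAMPLE_FLOW = [
    Packet(CLIENT, 11098, SERVER, TACACS_PORT),
    Packet(SERVER, TACACS_PORT, CLIENT, 11098),
    Packet(SERVER, TACACS_PORT, CLIENT, 11200),
]

def stateless_permitted(packets):
    """Stateless ACL pair: client any-port -> server:49, and server:49 -> client
    any-port.  The return rule must be wide because the client's local port
    range cannot be pinned in IOS, so every server:49-sourced packet passes."""
    out = []
    for p in packets:
        fwd = p.src_ip == CLIENT and p.dst_ip == SERVER and p.dst_port == TACACS_PORT
        rev = p.src_ip == SERVER and p.src_port == TACACS_PORT and p.dst_ip == CLIENT
        out.append(fwd or rev)
    return out

def stateful_permitted(packets):
    """Stateful alternative: remember the ephemeral port of each client-initiated
    request and admit a reply only to a port that was actually opened."""
    open_ports = set()
    out = []
    for p in packets:
        if p.src_ip == CLIENT and p.dst_ip == SERVER and p.dst_port == TACACS_PORT:
            open_ports.add(p.src_port)
            out.append(True)
        elif (p.src_ip == SERVER and p.src_port == TACACS_PORT
              and p.dst_ip == CLIENT and p.dst_port in open_ports):
            out.append(True)
        else:
            out.append(False)
    return out
```

Run over SAMPLE_FLOW, the stateless rules pass all three packets while the stateful check rejects the third, which is the difference a stateful firewall buys you when the client port range is unbounded.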