Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2644
Views
15
Helpful
2
Replies

TACACS via vrf

Go to solution
vin.marco
Level 1
Level 1

‎09-21-2021 12:39 AM

Hello everyone
they asked me to configure access to the ASR devices via tacacs + via VRF, while if I log in via IP in global i have to use local credentials.
Do you think it is possible?

1 Accepted Solution

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎09-21-2021 05:54 AM

Hi,

Yes it is possible. If you are using local cred, then your TACACS isn't
reachable from your ASR VRF.

Check your config and make sure your TACACS server is reachable. Here is an
example

aaa group server tacacs+ tacacs1
server-private 10.1.1.1 port 19 key cisco
ip vrf forwarding cisco
ip tacacs source-interface Loopback0
ip vrf cisco
rd 100:1
interface Loopback0
ip address 10.0.0.2 255.0.0.0
ip vrf forwarding cisco

**** please remember to rate useful posts

View solution in original post

2 Replies 2

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎09-21-2021 05:54 AM

Hi,

Yes it is possible. If you are using local cred, then your TACACS isn't
reachable from your ASR VRF.

Check your config and make sure your TACACS server is reachable. Here is an
example

aaa group server tacacs+ tacacs1
server-private 10.1.1.1 port 19 key cisco
ip vrf forwarding cisco
ip tacacs source-interface Loopback0
ip vrf cisco
rd 100:1
interface Loopback0
ip address 10.0.0.2 255.0.0.0
ip vrf forwarding cisco

**** please remember to rate useful posts

Go to solution
Ruhtra
Level 1
Level 1

‎01-17-2023 04:51 AM

what determines what loopback IP address to use?

0 Helpful
Customers Also Viewed These Support Documents