01-20-2012 03:45 AM
Hi all,
I have recently implemented the "ip tacacs source-interface" command on my 3750-E and I know it is working but I cannot see this command when I do a show running config or even a show running config full
Any ideas?
01-22-2012 02:35 PM
Urfan
Perhaps the first thing I would ask is if you would post the output of show version? This would help us to understand what platform and what version of code we are running with.
The second things I would ask is if you would post the output of show run | include source
this would help to confirm what source address commands are in the running config.
By default the router will use the IP address of the output interface as the source address of requests to the TACACS server. The ip tacacs source-interface command is useful when you want to specify which of several potential source interfaces should be used. It sounds like your router default choice of source interface agrees with the address configured in your TACACS server.
So in addition to the output requested above it might be helpful is you would also post the output of these commands
show ip route
show ip interface brief
HTH
Rick
01-23-2012 06:44 AM
Hi Rick,
Thanks for taking the time to reply.
Firstly unfortuntely I cant give you IP addresses etc due to the fact that the network in question is a Restricted one so I have had to hash out that information..
The show ver and show run | i source are below
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(52)SE, RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 25-Sep-09 07:33 by sasyamal
Image text-base: 0x00003000, data-base: 0x02400000
ROM: Bootstrap program is C3750E boot loader
BOOTLDR: C3750E Boot Loader (C3750E-HBOOT-M) Version 12.2(44r)SE3, RELEASE SOFTWARE (fc3)
cisco WS-C3750E-24TD (PowerPC405) processor (revision G0) with 262144K bytes of memory.
Processor board ID xxxxxxxxxxx
Last reset from power-on
4 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3750E-24TD 12.2(52)SE C3750E-UNIVERSALK9-M
Configuration register is 0xF
**************************************************************************************************************
#show run | i source
ip tftp source-interface GigabitEthernet1/0/10
neighbor xxx.xxx.xxx.xxx update-source Vlan9
neighbor xxx.xxx.xxx.xxx update-source Vlan9
neighbor xxx.xxx.xxx.xxx update-source GigabitEthernet1/0/7
As you can see we do have some BGP running on the device which is what the current source commands are and there is no mention of the ip tacacs source-interface in the config.
I know for a fact that it does have the command and it is making a difference simply because before I put the command in, TACACS authentications were taking a few seconds (I assume due to the fact that switch was going through the different IP addresses on it) and once I put the source-interface command in, the TACACS authentication/authorisations are instant.
01-23-2012 11:18 AM
Urfan
I am not sure what else to suggest. But perhaps a simple experiment might shed some light on the issue. If you were to use the command ip tacacs source-interface and set it to some other interface different from what it is using now, then I wonder if the source-interface command would show up in the running config? Note that changing the source interface might cause tacacs to stop working, so you want to make sure that there is an alternate for authentication and authorization if tacacs is not responding. After making the change and seeing if the command shows up in the running config you should restore the command to the value that it is currently using.
HTH
Rick
05-18-2012 01:57 PM
Just an FYI:
You cannot see the "ip tacacs source-interface" command until you have configured the "tacacs-server" commands.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide