Dear all,
I'm currently evaluating a scenario where AAA request are load balanced across multiple ACS 5.3 instances. The application delivery controller runs in L3 mode, which naturally causes the original packet's source IP address to be replaced by a randomly selected proxy address.
As far as RADIUS is concerned, I can perfectly determine the originating NAS by means of a 'Device Filter' condition. Unfortunately, ACS seems to lack the possibility of achieving the same for TACACS+. According to the user manual, only the actual IP address from the received packet is taken into account. I've also come across the 'NAS-Address' attribute in the protocol dictionary, but it can't be used in a custom condition either.
Does anyone happen to know how to retrieve the initial device IP address from a TACACS+ request in order to use it for further policing?
Cheers,
Josef
