Re: router source ip for tacacs requests?

mcdonalda · ‎05-23-2005

I have some routers to be configured for TACACS+ management authorization. What will be the source IP address of the Tacacs requests?

- Will it use the loopback address?

- or the ip address of one of the route interfaces?

- can this be configured?

m.lammerse · ‎05-23-2005

By default, the ip address will be of the outgoing interface towards the tacacs server. This can be changed with the following command:

ip tacacs source-interface

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/secur_r/sec_i1g.htm#wp1074100

HTH

Richard Burts · ‎05-24-2005

The explanation given by Marcel is correct and the link provided should be helpful.

My perspective is that if there is only one interface that the router can use to get to the TACACS server then there is little value in configuring the source interface for TACACS. But if there is more than one interface that the router can use then there is a big benefit in configuring the source interface. When you configure the source inteface then no matter which interface is used to send the packet the request to TACACS will always have the same address.

If you are going to configure the source address it is frequently the best choice to use a loopback interface address since that removes a physical dependency.

HTH

Rick

HTH

Rick

mcdonalda · ‎05-24-2005

thankyou very much