This issue is due to presence of Cisco bug ID CSCsd46369.
In this issue the packets sent by the router or switch contain the wrong IP source address, even though the configuraiton identifies a specific interface to be used as the IP source address. The TACACS+ server rejects some of the AAA requests since they arrive with an unknown IP source address.
This issue is typically observerd on a 3845 that runs Cisco IOS Software Release 12.4(5) (c3845-adventerprisek9_sna-mz.124-5.bin).
The configuration included the line:
ip tacacs source-interface Loopback0
The workaround for this issue is to configure entries for each IP address in use at each NAS on TACACS+ server.
In order to completely resolve this issue, upgrade the router to any of these software releases:
Hi All, We have applied NAC setting on 2960S. It is working properly without issue.When we applied the same setting on 2960X. It doesn't work. IOS: WS-C2960XR-48TS-I 15.2(2)E4=================================================================...
Want to check below design possibility for 25K users (will increase 20% - 30% in future)
PAN-MNT on single 3695 node ( as per guide, it can support 50K in hybrid deployment)
Two 3655 as PSN (can handle 25K sessions per PSN in hybrid deployment)
Can anyone offer any guidance on a rule of thumb for how many ISE base/plus licenses would be typical for a school district that is interested in ISE for wired/wireless NAC including profiling? I'm thinking that there might be a rule of thumb based on stu...