It will chose an interface

Thiyagarajan K · ‎03-22-2016

Hello Team,

In our environment we are using the below configuration for TACACS. In a worst case scenario if the mgmt interface connected port goes down then what would be source IP address which switch use to communicate with the TACACS server?

aaa group server tacacs+ acs-in

server x.x.x.x

use-vrf management

source-interface loopback0

</Config Snip>

Just I'm thinking how the mgmt traffic flows if the MGTM port is down.

Regards,

Thiyagu

Mark Malone · ‎03-22-2016

Your sourcing mgmt traffic off the loopback so it would be that interface ip , but traffic may not get out if mgmt. int is actually hard physically down , that's the whole point of segregating mgtmt traffic so its not crossing production traffic links but it can remove mgmt. path redundancy when locked down to one source interface

where exactly is the vrf forwarding what interface ?

Thiyagarajan K · ‎03-22-2016

Thanks Mark.

In one of our device we have the below configuration without source interface as loopback.

If we are not specifying the source interface in TACACS configuration then what would be source IP address which switch used to communicate with the TACACS server?

<SNIP>

aaa group server tacacs+ acs-in

server x.x.x.x

use-vrf management

</SNIP>

Mark Malone · ‎03-22-2016

It will chose an interface itself to source from usually the next highest logical ip address available if no interface is specified , you will be able to see which one if you were to debug or use a wireshark and check the source of the packet

VRF management for TACACS