Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1132
Views
0
Helpful
4
Replies

Help Needed - 3560X Tacacs Configuration

Go to solution
cbeswick
Level 1
Level 1

‎10-10-2013 04:48 AM - edited ‎03-07-2019 03:57 PM

Hi,

I need to configure tacacs to communicate with ACS 5.4 over the "FastEthernet 0" port on a Cisco 3560X. Is this possible using the

"ip tacacs source-interface FastEthernet0" command ?

All other IP Interfaces are public facing and we need to get AAA communications working over the internal network using RFC 1918 space.

The ACS server will not be directly connected (i.e. on the same subnet) to the Fa0 port, so I will need to add some static routes to get to the network ACS connects on.

Does anyone foresee any issues with the above ?

Thanks,

Chris.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to cbeswick

‎10-10-2013 05:37 AM

Chris

According to this document, the 3560X with the IP base image will do static routes.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-578933_ps10744_Products_Q_and_A_Item.html

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎10-10-2013 05:21 AM

Chris

Can you tell us how the FastEthernet0 interface is to be configured? If it is to be configured as a layer 3 interface with its own IP address then the ip tacacs source-interface command should work just fine. If the interface is to be a layer 2 interface then the ip tacacs source-interface command should be configured on the layer 3 svi for the vlan that FastEthernet0 belongs to.

Other than this I do not think that there are many issues, assuming that the 3560 does have correct IP connectivity to the tacacs server, that the tacacs server does have correct IP connectivity to the 3560, that there are not any access list filtering or firewalls in the data path between the 3560 and the tacacs server, and that the tacacs server is correctly configured to recognize the 3560 as a tacacs client and the 3560 is correctly configured to use the tacacs server for aaa.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
cbeswick
Level 1
Level 1
In response to Richard Burts

‎10-10-2013 05:29 AM

Hi Richard,

Many thanks for your reply.

The Fa0 interface will be configured with its own IP Address.

Do you happen to know if static routes be configured to point to a next hop via this Fa0 interface with the ipbase image ?

Chris.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to cbeswick

‎10-10-2013 05:37 AM

Chris

According to this document, the 3560X with the IP base image will do static routes.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-578933_ps10744_Products_Q_and_A_Item.html

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
cbeswick
Level 1
Level 1
In response to Richard Burts

‎10-10-2013 06:34 AM

Many thanks RIchard.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card