Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
1
Replies

The mysterious tacacs commands - where is fqdn?

1977bjorn
Level 1
Level 1

‎03-21-2024 03:14 AM

Having worked with ISE and switching for many years, I stumbled upon some weird configuration.

Using some newer IOS XE in a 9K switch, I found the following command:

aaa group server tacacs+ mygroup
server name test1

tacacs server test1
address fqdn yadayada.something.x
key 7 supersecretkey

Initial thoughts, wow - now I can use fqdn! (assuming some things of course). I ran into some issues testing it out, but I got it working using kind of the above configuration. The fqdn points to a a-record and all where good. Main idea is to be able to change server ip without having to reconfigure all network devices if that is needed at some point (already done it once and I rather not do it again).

Problem is - I find little to no documentation on this command, when it was introduced, and for what versions. As we do not have the same image on all out switches, it´s hard to set a policy for it.

Labels:
0 Helpful
1 Reply 1

marce1000
VIP
VIP

‎03-21-2024 07:06 AM

 

              >...Main idea is to be able to change server ip without having to reconfigure all network devices
  - That doesn't work ; in IOS and IOS-XE , the fqdn is only resolved once and then the resulting address is  used after configuration ; of course here it could be seen as positive security feature.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card