tacacs source interface

Unanswered Question
Jan 22nd, 2008


up to IOS Version 12.2(40)SE a source interface for tacacs could be configured with 'ip tacacs source-interface x.x.x.x' on a catalyst 3750 (advip image).

Using IOS Version 12.2(44)SE (advip image) I'm not able to use this command anymore.

Any idea how to configure a tacacs source interface using release 12.2(44)?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Tue, 01/22/2008 - 13:15


I am amazed that this would change. I have used ip tacacs source-interface in very recent versions of code on some other platforms (have not used it on 3750 though). I am wondering if there could be some other factor at work - perhaps aaa/tacacs not enabled yet or something?



wsembdner Wed, 01/23/2008 - 00:17


Nope. Tacacs is running on all devices in our network. We've got some devices for testing purpose and all I did was upgrading the IOS to Version 12.2(44)SE - after reloading the device the 'ip tacacs source-interface x.x.x.x' part of the config was gone and there is no way to reconfigure it. BTW it's the same on a 2960 and 3560 with IOS Version 12.2(44)SE. I think it's a bug.



markus.forrer Sat, 01/26/2008 - 19:24

Had the same with 12.2(44)SE. No command ip tacacs source-interface.

But I just realised it after upgrading a L3 Device.

For the L3 I going back to 12.2(40)SE.

I think also it's a bug. No other command found to solve this.

I had just upgraded from 12.2(35)SE1.



markus.forrer Thu, 01/31/2008 - 11:59

Hi. It's a bug.

But there is a workaround for this.

You can specify the sourceinterface in the "aaa group server" section if you are working with server groups...

Hope this helps. It did not helping me, cause I'm working with the global configuration commands..



wsembdner Mon, 02/04/2008 - 12:37


here's the workaround:

aaa group server tacacs+ SOMETHING

server x.x.x.x

server x.x.x.x


ip tacacs source-interface xxx


aaa authentication login default group SOMETHING local

aaa authentication enable default group SOMETHING enable

aaa authorization exec default group SOMETHING local

aaa accounting exec default start-stop group SOMETHING

aaa accounting network default start-stop group SOMETHING

Just in case someone else needs it...

Thank you Markus!




This Discussion