Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1350
Views
0
Helpful
5
Replies

tacacs source interface

wsembdner
Level 1
Level 1

‎01-22-2008 12:24 AM - edited ‎03-10-2019 03:36 PM

Hi,

up to IOS Version 12.2(40)SE a source interface for tacacs could be configured with 'ip tacacs source-interface x.x.x.x' on a catalyst 3750 (advip image).

Using IOS Version 12.2(44)SE (advip image) I'm not able to use this command anymore.

Any idea how to configure a tacacs source interface using release 12.2(44)?

Regards,

Wolfhard

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎01-22-2008 01:15 PM

Wolfhard

I am amazed that this would change. I have used ip tacacs source-interface in very recent versions of code on some other platforms (have not used it on 3750 though). I am wondering if there could be some other factor at work - perhaps aaa/tacacs not enabled yet or something?

HTH

Rick

HTH

Rick
0 Helpful

wsembdner
Level 1
Level 1
In response to Richard Burts

‎01-23-2008 12:17 AM

Rick,

Nope. Tacacs is running on all devices in our network. We've got some devices for testing purpose and all I did was upgrading the IOS to Version 12.2(44)SE - after reloading the device the 'ip tacacs source-interface x.x.x.x' part of the config was gone and there is no way to reconfigure it. BTW it's the same on a 2960 and 3560 with IOS Version 12.2(44)SE. I think it's a bug.

Regards,

Wolfhard

0 Helpful

markus.forrer
Level 4
Level 4
In response to wsembdner

‎01-26-2008 07:24 PM

Had the same with 12.2(44)SE. No command ip tacacs source-interface.

But I just realised it after upgrading a L3 Device.

For the L3 I going back to 12.2(40)SE.

I think also it's a bug. No other command found to solve this.

I had just upgraded from 12.2(35)SE1.

Regards

Markus

0 Helpful

markus.forrer
Level 4
Level 4

‎01-31-2008 11:59 AM

Hi. It's a bug.

But there is a workaround for this.

You can specify the sourceinterface in the "aaa group server" section if you are working with server groups...

Hope this helps. It did not helping me, cause I'm working with the global configuration commands..

Regards,

Markus

0 Helpful

wsembdner
Level 1
Level 1
In response to markus.forrer

‎02-04-2008 12:37 PM

Hi,

here's the workaround:

aaa group server tacacs+ SOMETHING

server x.x.x.x

server x.x.x.x

...

ip tacacs source-interface xxx

!

aaa authentication login default group SOMETHING local

aaa authentication enable default group SOMETHING enable

aaa authorization exec default group SOMETHING local

aaa accounting exec default start-stop group SOMETHING

aaa accounting network default start-stop group SOMETHING

Just in case someone else needs it...

Thank you Markus!

Regards,

Wolfhard

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents