NAS configure with 2 ip address failed on AAA authentication

Mar 5th, 2008
I have routers configured with 2 BVI interfaces for DLSw.

When I configure the NAS setting with 2 IP addresses, sometimes the AAA authentication fails to prompt for user authentication.

Should I use ip tacacs source-interface?

If I configure only one, and that interface is down, then I will not be authenticated using AAA even if the second BVI interface is up.

Richard Burts Sun, 03/09/2008 - 10:13
The AAA server identifies the client by a single IP address and the client always needs to use that address as the source address. If you have 2 BVI interfaces it may be that sometimes the source address is one and sometimes the source address may be the other. That would account for the fact that sometimes it prompts for user authentication and sometimes it does not prompt.

If using 1 BVI as the source address creates the potential that sometimes it might not work because that interface was down but the other BVI was up, then perhaps you should consider configuring a loopback address and using the loopback address as the source address. If the loopback was the source address then it would not matter which BVI might be up and which might be down.
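
The loopback approach described in the reply above, written out as an IOS configuration. This is an added example, not part of the original thread; the interface number, the addresses (documentation ranges) and the key are constructed placeholders, and the legacy `tacacs-server host` form is assumed.

```cisco
! Constructed example: addresses are from documentation ranges, key is a placeholder.
!
! A loopback has no physical dependency, so it stays up whichever BVI is down.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Without this line the router sources TACACS+ packets from the address of
! whichever interface the route to the server exits, so the source address
! can alternate between the two BVIs and the server rejects the unknown one.
ip tacacs source-interface Loopback0
!
! AAA server definition (placeholder address and shared secret).
tacacs-server host 198.51.100.10 key <shared-secret>
```

On the AAA server, define this router as a client by the loopback address only (192.0.2.1 here), and make sure that address is reachable from the server through either BVI.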
