cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
990
Views
0
Helpful
1
Replies

NAS configure with 2 ip address failed on AAA authentication

ccsam
Level 1
Level 1

I have routers configured with 2 bvi interfaces for dlsw.

When I configure NAS setting with 2 ip address, sometime the AAA authentication failed to prompt for user authentication.

Should I used ip tacacs source-interface?

If I configure only one, if that interface is down, then I will not be authentication using AAA even the second bvi interface is up.

1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

Chee

The AAA server identifies the client by a single IP address and the client always needs to use that address as the source address. If you have 2 BVI interfaces it may be that sometimes the source address is one and sometimes the source address may be the other. That would account for the fact that sometimes it promts for user authentication and sometimes it does not prompt.

If using 1 BVI as the source address creates the potential that sometimes it might not work because that interface was down but the other BVI was up, then perhaps you should consider configuring a loopback address and using the loopback address as the source address. If the loopback was the source address then it would not matter which BVI might be up and which might be down.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: