tacacs-server source interface

Answered Question
Feb 22nd, 2010

Hi All


Just a quick one..


In case I have a tacacs server source-interface loopback0 command configured, and my loopback has no IP address, will the source packets go with the outgoing interface IP?


I saw in the command reference: "The specified interface must have an IP address associated with it. If the specified subinterface does not have an IP address or is in a down state, TACACS+ reverts to the default. To avoid this situation, add an IP address to the subinterface or bring the interface to the up state"


What does "TACACS+ reverts to default" mean? I don't think there is any default state associated with tacacs configuration, right?


Thanks

Overall Rating: 4.5 (2 ratings)
Reza Sharifi Mon, 02/22/2010 - 08:56

Hi,


By default it uses the outgoing interface IP. If you specify loopback address with an IP, then it uses the loopback IP, and if there is no IP on the loopback interface, then it reverts to default, which means outgoing interface IP.


HTH


Reza

sblavanya Mon, 02/22/2010 - 09:10

Thanks Reza..


What happens if there is no loopback interface defined at all? Does it still go back to default and take the VLAN IP?


Our issue is, we have many devices either with no IP on the loopback, or no loopback defined, and in case, when standardizing, we apply the "ip tacacs source-interface loopback0", it shouldn't hamper tacacs communication, and take the VLAN IP address.


Thanks

Correct Answer
Reza Sharifi Mon, 02/22/2010 - 09:21

sblavanya wrote:


Thanks Reza..


What happens if there is no loopback interface defined at all? Does it still go back to default and take the VLAN IP?


Our issue is, we have many devices either with no IP on the loopback, or no loopback defined, and in case, when standardizing, we apply the "ip tacacs source-interface loopback0", it shouldn't hamper tacacs communication, and take the VLAN IP address.


Thanks


Yes, it will use the outgoing interface vlan/IP.

If you do not have loopback addresses defined on your devices, there is no need to source your tacacs commands from the loopback address.

It is just extra processing burden added to the router CPU and not needed.


HTH

Reza

sblavanya Mon, 02/22/2010 - 09:43

Thanks Reza.


Ya.. I'm aware of the fact not to source tacacs on interfaces which aren't defined, but sometimes people push policies of NCM, where it is statically defined to push, and that shouldn't break any communication...


Thanks again for the help
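
An added example, not part of the original thread or of Cisco's documentation: a pre-push audit that reads saved running-configs and reports, following the fallback behaviour described in the answers above, which address each device's TACACS+ packets would carry. The device names, addresses and the `tacacs_source` / `audit` helpers are constructed for illustration, and interface names are matched only in the form a running-config prints them.

```python
import re

IP_RE = re.compile(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+\s*$")

def tacacs_source(config):
    """Return (source, reason) using the fallback behaviour described in this thread."""
    interfaces, current, wanted = {}, None, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line, re.I)
        if m:
            current = interfaces.setdefault(m.group(1).lower(), {"ip": None, "shutdown": False})
        elif not line.startswith(" "):      # any other left-margin line ends the block
            current = None
            m = re.match(r"ip tacacs source-interface (\S+)", line, re.I)
            if m:
                wanted = m.group(1).lower()
        elif current is not None:
            m = IP_RE.match(line)           # primary address only; "secondary" lines do not match
            if m:
                current["ip"] = m.group(1)
            elif line.strip() == "shutdown":  # only an administrative shutdown is visible in a config
                current["shutdown"] = True
    if wanted is None:
        return ("outgoing-interface", "no source-interface command")
    intf = interfaces.get(wanted)
    if intf is None:
        return ("outgoing-interface", f"{wanted} is not defined")
    if intf["ip"] is None:
        return ("outgoing-interface", f"{wanted} has no IP address")
    if intf["shutdown"]:
        return ("outgoing-interface", f"{wanted} is shut down")
    return (intf["ip"], f"sourced from {wanted}")

# Constructed sample configs (not from the thread), one per case discussed above.
SAMPLES = {
    "sw-ok": "interface Loopback0\n ip address 10.255.0.1 255.255.255.255\n!\n"
             "interface Vlan10\n ip address 10.1.10.2 255.255.255.0\n!\n"
             "ip tacacs source-interface Loopback0\n",
    "sw-noip": "interface Loopback0\n no ip address\n!\n"
               "interface Vlan10\n ip address 10.1.10.3 255.255.255.0\n!\n"
               "ip tacacs source-interface Loopback0\n",
    "sw-noloop": "interface Vlan10\n ip address 10.1.10.4 255.255.255.0\n!\n"
                 "ip tacacs source-interface Loopback0\n",
}

def audit(samples=SAMPLES):
    return {name: tacacs_source(cfg) for name, cfg in samples.items()}

if __name__ == "__main__":
    print(*(f"{n}: {s} ({r})" for n, (s, r) in audit().items()), sep="\n")
```

Devices reported as `outgoing-interface` will keep reaching the TACACS+ server from a VLAN address after the standard line is pushed, so the server's client entry for them has to match that address rather than a loopback.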
