02-22-2010 07:58 AM - edited 03-06-2019 09:50 AM
Hi All
Just a quick one..
incase I have a tacacs server source-interface loopback0 command configured, and my loopback has no ip address , will the source packets go with the outgoing interface IP ?
I saw in command reference - "
The specified interface must have an IP address associated with it. If the specified subinterface does not have an IP address or is in a down state, TACACS+ reverts to the default. To avoid this situation, add an IP address to the subinterface or bring the interface to the up state"
what does TACACS+ reverts to default mean ? I dont think there is any default state associated with tacacs configuration right ?
Thanks
Solved! Go to Solution.
02-22-2010 09:21 AM
sblavanya wrote:
Thanks Reza..
What happens if there is no loopback interface defined at all ? Does it still go back to default and take the VLAN IP?
Our issue is, we have many devices either with no IP on the loopback, or no loopback defined, and incase when standardizing, we apply the "ip tacacs source-interface loopback0" it shouldnt hamper tacacs communication, and take the VLAN IP address..
Thanks
Yes, it will use the outgoing interface vlan/IP.
If you do not have loopback addresses defined on your devices, there is no need sourcing your tacace commands from the loopback address.
it is just extra proccesing burdn added to the router CPU and not needed.
HTH
Reza
02-22-2010 08:56 AM
Hi,
By default it uses the outgoing interface IP. If you specify loopback address with an IP then it uses the loopback IP and if there is no IP on the loopback interface then it reverts to default which means outgoing interface IP.
HTH
Reza
02-22-2010 09:10 AM
Thanks Reza..
What happens if there is no loopback interface defined at all ? Does it still go back to default and take the VLAN IP?
Our issue is, we have many devices either with no IP on the loopback, or no loopback defined, and incase when standardizing, we apply the "ip tacacs source-interface loopback0" it shouldnt hamper tacacs communication, and take the VLAN IP address..
Thanks
02-22-2010 09:21 AM
sblavanya wrote:
Thanks Reza..
What happens if there is no loopback interface defined at all ? Does it still go back to default and take the VLAN IP?
Our issue is, we have many devices either with no IP on the loopback, or no loopback defined, and incase when standardizing, we apply the "ip tacacs source-interface loopback0" it shouldnt hamper tacacs communication, and take the VLAN IP address..
Thanks
Yes, it will use the outgoing interface vlan/IP.
If you do not have loopback addresses defined on your devices, there is no need sourcing your tacace commands from the loopback address.
it is just extra proccesing burdn added to the router CPU and not needed.
HTH
Reza
02-22-2010 09:43 AM
Thanks Reza.
Ya.. Im aware of the fact not to source tacacs on interfaces which arent defined, but sometimes people push policies of NCM, where it is statically defined to push, and that shouldnt break any coomunication...
Thanks again for the help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: