Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

IP address sent to TACACS server

Setup a TACACS server on out network to control console and telnet access to routers and switches. Most of our remote routers have multiple wan paths to the TACACS servers and may present a different IP address depending on which path is available or least busy. This causes an authentication failure that denies access to the equipment. Is there a way to configure the router to always send a specific address, either a loopback or internal LAN IP?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

IP address sent to TACACS server

you may also go through the below listed link

http://my.safaribooksonline.com/book/networking/cisco-ios/0596527225/tacacsplus/i85779__heada__4_7

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
6 REPLIES
Cisco Employee

IP address sent to TACACS server

yes.

ip tacacs source-interface interface/vlan id

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

IP address sent to TACACS server

you may also go through the below listed link

http://my.safaribooksonline.com/book/networking/cisco-ios/0596527225/tacacsplus/i85779__heada__4_7

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

IP address sent to TACACS server

Did you get that working with the above suggested command?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

IP address sent to TACACS server

Thank you. That worked!

Cisco Employee

IP address sent to TACACS server

Thanks for updating the thread.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

IP address sent to TACACS server

Hi

FYI,


Device  Filter—Filters a network device (AAA client) that acts as a Policy  Enforcement Point (PEP) to the end station based on the network device's  IP address or name, or the network device group that it belongs to.

The  device identifier can be the IP address or name of the device, or it  can be based on the network device group to which the device belongs.

The  IP address is a protocol-agnostic attribute of type IPv4 that contains a  copy of the device IP address obtained from the request:

–In a RADIUS request, if Attribute 4 (NAS-IP-Address) is present,  ACS obtains the IP address from Attribute 4; otherwise, if Attribute 32  (NAS-Identifier) is present, ACS obtains the IP address from Attribute  32, or it obtains the IP address from the packet that it receives.

–In a TACACS request, the IP address is obtained from the packet that ACS receives.

408
Views
0
Helpful
6
Replies
CreatePlease to create content