CCS 11501 Tacacs Source Interface.

andydowns
Level 1

Hello all,

I am trying to use the management interface of a CCS11501 as the source interface of any Tacacs+ authentication.

I have added a management route for the subnet where the tacacs servers are but authentication is still going via circuit VLAN1.

It will not allow me to add a "normal" route due to the overlap with the management interface.

What I really want is a tacacs source interface equivalent.

Any and all help appreciated,

Andrew.

Accepted Solutions

pgolding
Level 1

Andrew,

The CSS management interface is not designed to be used for user traffic flow or for tacacs, radius, syslog, ntp etc. Therefore there is no way to force tacacs traffic to use this interface. Also there is no equivalent to "ip tacacs source-interface" in IOS.

The management interface was designed to be used only for telnet, ssh and web GUI access to the CSS.

Peter

4 Replies

rich.polyak
Level 1

What version of the Content switch software are you running? I have utilized the management interface for tacacs from 1105x's to 1150x. If I just add the management route as you described, it worked flawlessly.

Hello,

Thanks for the reply and my apologies for the delay in replying.

Version details:

Version: sg0810002 (08.10.0.02)

Flash (Locked): 08.10.0.02

Flash (Operational): 08.10.0.02

Type: PRIMARY

Licensed Cmd Set(s): Standard Feature Set

The 11500 will refuse to talk to a TACACS server that isn't on a directly attached network. If your TACACS server isn't on that same net, you can alter the netmask on the management interface to make it believe it is directly attached. Combine that with a management-route and a network that will proxy-arp for your TACACS server and you are all set.