Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CCS 11506 Tacacs Source Interface.

Hi,

We have 4 CSS 11506 and 2 Tacacs servers.

2 CSS with same ios version but behaves different. 1 talks to the ACS server via the management interface and the other talks with ACS server via the circuit interface. Are there any command like that on the Cisco routers to define the Tacacs source Interface?

Thanks!

Tony

4 REPLIES
Cisco Employee

Re: CCS 11506 Tacacs Source Interface.

it depends on your routing table.

The CSS will select automatically the exit interface ip address as source.

There is no command to chose the interface.

Gilles.

New Member

Re: CCS 11506 Tacacs Source Interface.

In the past, TACACS was not a routable protocol over the management interface.

Has this changed? Can we now route TACACS packets to and from the server over the management interface?

Cheers, Dom

Cisco Employee

Re: CCS 11506 Tacacs Source Interface.

Tony,

The behavior you mention has not changed for TACACS.

New Member

Re: CCS 11506 Tacacs Source Interface.

We typically use a loopback address for TACACS communication. Then any single failed interface will not interfere with communications back to TACACS.

Here is the command...

ip tacacs source-interface Loopback0

JDP

267
Views
0
Helpful
4
Replies
CreatePlease login to create content