New Member

Cannot connect remote TACACS

Hi,

TACACS is not working on switch WS-C3560V2-48PS with software version 12.2(55)SE7.

Below are the ping tests from the switch.

I am confused about the pings from the switch.

What's the difference between the two pings?

 

Switch#ping 10.49.250.13

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.49.250.13, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Switch#ping 10.49.250.13 source 10.132.16.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.49.250.13, timeout is 2 seconds:
Packet sent with a source address of 10.132.16.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 176/177/185 ms

 

Need your expertise.

 

Thank you.

3 REPLIES
Cisco Employee


Hi,

I see you are running OSPF and have some static routes as well. The static route for 10.0.0.0/24 will be preferred for TACACS servers 10.49.250.13 and 10.49.250.14, which is out of VLAN 170.
So when a TACACS packet goes out, it will take as its source the IP address of VLAN 170, which is 10.132.17.8.

So probably some node in the path is missing a reverse route to 10.132.17.8. Arrange a source-based trace to the TACACS server (10.49.250.13) with sources 10.132.16.8 and 10.132.17.8. That will help to find which hop does not have a reverse route for IP 10.132.17.8.

 

interface Vlan1
 ip address 10.132.16.8 255.255.255.0
 ip helper-address 10.132.16.18
!
interface Vlan99
 ip address 138.218.170.214 255.255.255.252
!
interface Vlan170
 ip address 10.132.17.8 255.255.255.0
 ip helper-address 10.132.6.32
 ip helper-address 10.132.6.33
!

ip route 10.0.0.0 255.0.0.0 138.218.170.213

 

Regards,

Akash

 

New Member

Akash,

How do you check that the preferred route is out of VLAN 170 instead of VLAN 1?

 

Switch#traceroute
Protocol [ip]: 10.49.250.13
% Unknown protocol - "10.49.250.13", type "trace ?" for help
MYSBJ-LSW37#traceroute
Protocol [ip]:
Target IP address: 10.49.250.13
Source address: 10.132.16.8
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.49.250.13

  1 138.218.170.213 0 msec 0 msec 0 msec
  2 138.218.170.209 8 msec 0 msec 0 msec
  3 138.218.170.246 0 msec 0 msec 0 msec
  4 138.218.170.230 8 msec 0 msec 0 msec
  5 138.218.219.226 8 msec 0 msec 8 msec
  6 138.218.218.193 168 msec 168 msec 176 msec
  7 138.218.218.45 176 msec 176 msec 176 msec
  8 10.51.1.73 185 msec 176 msec 176 msec
  9 10.51.2.226 177 msec 177 msec 176 msec
 10  *  *  *
 11  *  *  *
 12  *  *  *
 13  *  *  *
 14  *  *  *
 15  *  *  *

 

MYSBJ-LSW37#traceroute
Protocol [ip]:
Target IP address: 10.49.250.13
Source address: 10.132.17.8
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.49.250.13

  1 138.218.170.213 0 msec 0 msec 0 msec
  2 138.218.170.209 8 msec 0 msec 9 msec
  3 138.218.170.246 0 msec 0 msec 0 msec
  4 138.218.170.230 0 msec 0 msec 0 msec
  5 138.218.219.226 0 msec 8 msec 0 msec
  6 138.218.218.193 167 msec 168 msec 176 msec
  7 138.218.218.45 176 msec 176 msec 176 msec
  8 10.51.1.73 176 msec 176 msec 176 msec
  9 10.51.2.225 177 msec 177 msec 184 msec
 10  *  *  *
 11  *  *  *
 12  *  *  *
 13  *  *  *
 14  *  *  *
 15  *  *  *

 

Thank you.

Cisco Employee

Hi,

I checked the static route below and was guessing that it was going out of VLAN 99, but by mistake mentioned VLAN 170.

ip route 10.0.0.0 255.0.0.0 138.218.170.213


Please take the output of show ip route 10.49.250.13 and also check a source-based traceroute with the source of the exit interface.

 

-akash
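
An added example, not part of the thread or any poster's code: a longest-prefix-match lookup over only the interface and static-route lines quoted above, showing which exit interface and default source address an unsourced packet to the TACACS server would get. It assumes no more specific OSPF route exists (none is shown on the page) and that the switch sources locally generated packets from the exit interface; the function names are hypothetical.

```python
import ipaddress

# Constructed from the interface and static-route lines quoted in the thread.
INTERFACES = {
    "Vlan1": "10.132.16.8/24",
    "Vlan99": "138.218.170.214/30",
    "Vlan170": "10.132.17.8/24",
}
STATIC_ROUTES = [("10.0.0.0/8", "138.218.170.213")]  # ip route 10.0.0.0 255.0.0.0 ...


def build_rib():
    """Return (network, next_hop, interface) entries; connected routes have no next hop."""
    rib = []
    for name, cidr in INTERFACES.items():
        rib.append((ipaddress.ip_interface(cidr).network, None, name))
    for prefix, next_hop in STATIC_ROUTES:
        rib.append((ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop), None))
    return rib


def lookup(rib, dest):
    """Longest-prefix match for dest; None when no route covers it."""
    matches = [r for r in rib if dest in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def egress(dest_str, max_depth=4):
    """Resolve the exit interface and default source IP for a locally generated packet."""
    rib = build_rib()
    target = ipaddress.ip_address(dest_str)
    for _ in range(max_depth):  # bound the recursive next-hop resolution
        route = lookup(rib, target)
        if route is None:
            return None  # no covering route in this (assumed, partial) table
        _, next_hop, ifname = route
        if ifname is not None:  # connected route: resolution ends here
            return ifname, str(ipaddress.ip_interface(INTERFACES[ifname]).ip)
        target = next_hop  # static route: resolve its next hop instead
    return None


if __name__ == "__main__":
    for server in ("10.49.250.13", "10.49.250.14"):
        print(server, "->", egress(server))
```

With only these routes the TACACS servers resolve through Vlan99; the `show ip route 10.49.250.13` output requested in the last reply is what confirms the exit interface on the real switch.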

 
