Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Help Needed - 3560X Tacacs Configuration

Hi,

I need to configure tacacs to communicate with ACS 5.4 over the "FastEthernet 0" port on a Cisco 3560X. Is this possible using the

"ip tacacs source-interface FastEthernet0" command ?

All other IP Interfaces are public facing and we need to get AAA communications working over the internal network using RFC 1918 space.

The ACS server will not be directly connected (i.e. on the same subnet) to the Fa0 port, so I will need to add some static routes to get to the network ACS connects on.

Does anyone foresee any issues with the above ?

Thanks,

Chris.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Help Needed - 3560X Tacacs Configuration

Chris

According to this document, the 3560X with the IP base image will do static routes.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-578933_ps10744_Products_Q_and_A_Item.html

HTH

Rick

4 REPLIES
Hall of Fame Super Silver

Help Needed - 3560X Tacacs Configuration

Chris

Can you tell us how the FastEthernet0 interface is to be configured? If it is to be configured as a layer 3 interface with its own IP address then the ip tacacs source-interface command should work just fine. If the interface is to be a layer 2 interface then the ip tacacs source-interface command should be configured on the layer 3 svi for the vlan that FastEthernet0 belongs to.

Other than this I do not think that there are many issues, assuming that the 3560 does have correct IP connectivity to the tacacs server, that the tacacs server does have correct IP connectivity to the 3560, that there are not any access list filtering or firewalls in the data path between the 3560 and the tacacs server, and that the tacacs server is correctly configured to recognize the 3560 as a tacacs client and the 3560 is correctly configured to use the tacacs server for aaa.

HTH

Rick

New Member

Help Needed - 3560X Tacacs Configuration

Hi Richard,

Many thanks for your reply.

The Fa0 interface will be configured with its own IP Address.

Do you happen to know if static routes be configured to point to a next hop via this Fa0 interface with the ipbase image ?

Chris.

Hall of Fame Super Silver

Help Needed - 3560X Tacacs Configuration

Chris

According to this document, the 3560X with the IP base image will do static routes.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/qa_c67-578933_ps10744_Products_Q_and_A_Item.html

HTH

Rick

New Member

Help Needed - 3560X Tacacs Configuration

Many thanks RIchard.

178
Views
0
Helpful
4
Replies