Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2996
Views
10
Helpful
7
Replies

ip tacacs source interface command

mchockalingam
Level 1
Level 1

‎10-20-2006 05:13 AM - last edited on ‎03-25-2019 03:52 PM by Community Manager

Hi All,

We have a mgmt. subnet of 10.16.0.0/16 that we use for vlan1 and loopback0 interfaces on our devices. We have a vty access list that includes 10.16.0.0/16 for telenet/ssh access so that we can hop form one router to another directly.

I also have "ip tacacs source interface vlan1" or "ip tacacs source interface loopback0" commands on all our devices.

But when I try to hop form one router to another, I get "connection refused from remote host". Looks like the "ip tacacs source interface" command does not take any effect.

Any suggesetions?

thanks,

Meena

Labels:
0 Helpful
7 Replies 7

royalblues
Level 10
Level 10

‎10-20-2006 05:37 AM

Meena,

The error "connection refused from remote host" is generally associated when the telnet session is blocked by an access-list.

Tacacs error on the other hand is mostly an authentication failure error.

whenever a telnet session is initiated, the source IP initiating the session is the IP of the interface leading to the destination. You need to make sure that this IP is allowed in the access-list.

To isolate the problem to either Tacacs or telnet, Remove one of the device detail from the Tacacs server and try logging onto the router.

HTH, rate if it does.

Narayan

mark.edwards
Level 1
Level 1

‎10-20-2006 05:39 AM

Hi Meena,

Should you not have configured "ip telnet source interface loopback0" and not "ip tacacs source interface loopback0"?

mchockalingam
Level 1
Level 1
In response to mark.edwards

‎10-20-2006 06:05 AM

I tried using "ip telnet source interface loopback0" and it seems to work. Obviuosly, it is not a TACACS problem but the vty ACL problem. But looks like there is no equivalnet ssh command like "ip ssh source interface".

Thanks for all the replies.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to mchockalingam

‎10-20-2006 06:17 AM

Meena

In my routers running 12.3 code there is a command ip ssh source-interface. I am not clear which version introduced this command. It may not be in the version of code that you are running. But it certainly exists in some versions of IOS.

HTH

Rick

HTH

Rick
0 Helpful

mchockalingam
Level 1
Level 1
In response to Richard Burts

‎10-20-2006 08:39 AM

Rick,

You are correct. I upgraded the image and now I see the "ip ssh source-interface" command.

Thanks for your help.

Meena

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to mchockalingam

‎10-20-2006 09:05 AM

Meena

I am glad that we were able to help find a solution for your issue. Thanks for posting back to the forum indicating that the issue was resolved. It makes the forum more useful when people can read about an issue and can see that there was a solution found.

HTH

Rick

HTH

Rick
0 Helpful

royalblues
Level 10
Level 10
In response to Richard Burts

‎10-20-2006 07:35 PM

In addition to what Rick has said, i would like you to change the post status to resolved

Narayan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card