I've got a sample setup as shown in the attachment. The following steps have been done on the setup:
All IP-Addresses have been configured
OSPF is fully working
All traffic between R1 and R2 is using the tunnel interface
All devices can reach each other via ICMP
No ACL, VRF, ... is used
VLAN1 is using only access ports
All devices are configured to use Tacacs+
The Tacacs+ configuration at the ACS server works.
The IP-Addresses are only used for this sample; I know that 20 and 30 are public addresses.
Now my problem:
I registered all the devices (R1, R2 and ASW1) to the ACS Server.
R1 is using its loopback address
R2 is using its loopback address
ASW1 is using its VLAN1 IP address
If I use the IP-Addresses as above, only the switch ASW1 can use Tacacs+ authentication, and every other device will be logged at the ACS Server as "unknown network device or AAA client". If I switch the IP-Address for R1 from lo10 - 126.96.36.199 to Tun10 - 188.8.131.52, the Tacacs+ authentication works, it seems because Tun10 is the nearest IP-Address to the ACS Server. Then I switch the IP-Address for R2 from lo10 - 184.108.40.206 to 172.16.0.1, and the same happens here. But I always have to remove "ip tacacs source-interface".
Why can't I use the loopback device for registering on the ACS Server?