Cisco Support Community

ACS 5.3 - IP Address of AAA Device


I've got a sample setup like the one shown in the attachment. The following steps have been done on the setup:

  • All IP-Addresses have been configured
  • OSPF is fully working
  • All traffic between R1 and R2 is using the tunnel interface
  • All devices can reach each other via ICMP
  • No ACL, VRF, .... is used
  • VLAN1 is using only access ports
  • All devices are configured to use TACACS+
  • The TACACS+ configuration on the ACS server works.

The IP addresses are only used for this sample; I know that 20 and 30 are public addresses.

Now my problem:

I registered all the devices (R1, R2 and ASW1) on the ACS server.

  • R1 is using its loopback address
  • R2 is using its loopback address
  • ASW1 is using its VLAN1 IP address

If I use the IP addresses as above, only the switch ASW1 can use TACACS+ authentication, and every other device is logged at the ACS server as "unknown network device or AAA client". If I switch the IP address for R1 from Lo10 to Tun10, the TACACS+ authentication works, seemingly because Tun10 is the nearest IP address to the ACS server. If I then switch the IP address for R2 from Lo10 to Tun10, the same happens here. But I always have to remove "ip tacacs source-interface".

Why can't I use the loopback interface for registering on the ACS server?

Kind regards
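The check a practitioner would apply here is that ACS identifies the AAA client by the source IP of the TACACS+ packet, and that IOS sources that packet from the outgoing interface unless `ip tacacs source-interface` pins it to another one. The following IOS configuration is an added example and is not configuration from the original post or its attachment; Lo10 and Tun10 are the interface names from the post, while the ACS address 192.0.2.10, the shared key, the server and group names, and the test credentials are assumed placeholders:

```cisco
! Added example, not from the original post. Interface names Lo10/Tun10
! follow the post; the ACS address, key, names and credentials are assumed.
aaa new-model
!
tacacs server ACS1
 address ipv4 192.0.2.10
 key SecretKey123
!
aaa group server tacacs+ ACS-GROUP
 server name ACS1
!
! Source every TACACS+ packet from Loopback10 so the source address seen by
! ACS matches the address this device is registered with. Without this line
! IOS uses the egress interface (Tunnel10 in the post's topology), and ACS
! logs "unknown network device or AAA client" for the loopback entry.
ip tacacs source-interface Loopback10
!
aaa authentication login default group ACS-GROUP local
aaa authorization exec default group ACS-GROUP local
!
! Verification from exec mode (assumed test user/password):
!   test aaa group ACS-GROUP admin cisco123 legacy
!   show tacacs
!   debug tacacs
```

On the ACS side the device entry (Network Resources > Network Devices and AAA Clients) must carry the Loopback10 address, and the loopback must be reachable from ACS, which the post's OSPF setup provides. A packet capture on the ACS host filtered on TCP port 49 confirms which source address actually arrives; if it is the tunnel address, the source-interface line is missing or not taking effect, and the device will only match an ACS entry that uses that tunnel address.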

