Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Tacacs+ over VRF

Hi,

We've 4 CAT3750ME configured as layer3 MPLS devices for our core network. I'm trying to configure Tacacs on these devices but I'm facing some difficulities.

On Cisco web site, I found the document titled "Per VRF for TACACS+ Severs": http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080434619.html

explaining how to configure a AAA server group adding the commands under it, mentioning that this feature was first introduced on release 12.3(7)T

The problem I'm facing is that the latest IOS version for the 3750ME is 12.2.37-SE (ED)!

Did anyone managed to configure Tacacs in similar situation. The route to the Tacacs server is only known by the vrf routing table, i.e.:

SW3414#sh ip route 10.300.156.75

% Network not in table

!

SW3414#sh ip route vrf MainData 10.300.156.75

Routing entry for 10.300.156.75/32

Known via "ospf 100", distance 110, metric 1

Tag Complete, Path Length == 0, , type extern 2, forward metric 10

Redistributing via bgp 65530

Advertised by bgp 65530 route-map ROUTES-IN

Last update from 10.200.31.21 on Vlan104, 00:36:08 ago

Routing Descriptor Blocks:

* 10.200.31.21, from 10.100.0.3, 00:36:08 ago, via Vlan104

Route metric is 1, traffic share count is 1

Route tag 3221225472

As you would notice from the above, we use iBGP to carry OSPF routes between the four 3750ME switches where OSPF is used for sites hanging off those ME's

Thanks,

Daniel

1 REPLY
Bronze

Re: Tacacs+ over VRF

Enhanced support for the provisioning of Metro Ethernet services - These features include VLAN translation (you can enable one-to-one or two-to-one VLAN translation), storm control settings, enhanced Policy for Virtual Circuit ID (VC ID) attributes, Cisco Catalyst? 6500 Series Supervisor Engine 720 support on Cisco 7600 Series routers (no longer require the Optical Service Module [OSM] card), Cisco Catalyst 3750 Metro Series switches, and UNI Port Security.

538
Views
1
Helpful
1
Replies