Forum Discussion
Wintrode_61162 (Nimbostratus)
Mar 24, 2011
Is there a way to tie TACACS+ authentication traffic to mgmt IP/interface
So here is the basic problem:
Management interface configured with an IP and default gateway only.
Only a default route defined on TMM.
Everything is reachable from both networks (i.e., you can get to the TACACS+ servers from either network).
In this scenario TACACS+ traffic routes out the TMM route since it is lower cost than the mgmt route and they are both equally specific (0.0.0.0).
I want to tie the TACACS+ traffic to the management IP without having to create management host routes (or more specific network routes for fear of breaking something down the line) to the TACACS+ servers. Basically I want to define the "local IP" used for TACACS+, akin to what you can do for syslog. Is this at all possible, or are the more specific routes required to make this work? Is there a way to associate an IP with the TACACS+ daemon?
Thanks for the help.
- JRahm (Admin): I haven't looked at this in a while, but I couldn't get source routing on auth stuff via the mgmt interface. Instead, I created NATs on my mgmt network gateway so everything mgmt related (auth, DNS, NTP, etc.) was locally defined and thus preferred over any TMM route.
- Wintrode_61162 (Nimbostratus): Gotcha. I had been speculating about doing that for another environment, but I'm not going to be able to do that in this instance.
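
The route selection described in the question, as an added example that is not part of the original thread and not F5 code: a simplified model of longest-prefix match with a metric tie-break, used to check which interface authentication traffic would leave on. The server addresses, interface labels and metric values are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str   # "tmm" or "mgmt" (labels assumed for this model)
    metric: int      # lower is preferred (values below are assumed)


def select_route(routes, dest: str) -> Optional[Route]:
    """Longest prefix wins; among equally specific routes, lowest metric wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.metric))


def egress_report(routes, servers):
    """Map each server to the interface its traffic would leave on."""
    report = {}
    for server in servers:
        route = select_route(routes, server)
        report[server] = route.interface if route else None
    return report


def off_mgmt(routes, servers):
    """Servers whose traffic would NOT use the management interface."""
    return [s for s, ifc in egress_report(routes, servers).items() if ifc != "mgmt"]


net = ipaddress.ip_network
# Constructed sample data (documentation address range).
TACACS_SERVERS = ["192.0.2.10", "192.0.2.11"]
# Two equally specific default routes; the TMM one has the lower cost.
BASELINE = [Route(net("0.0.0.0/0"), "tmm", 0),
            Route(net("0.0.0.0/0"), "mgmt", 4096)]
# Same table plus management host routes to each TACACS+ server.
WITH_HOST_ROUTES = BASELINE + [Route(net(s + "/32"), "mgmt", 4096)
                               for s in TACACS_SERVERS]

if __name__ == "__main__":
    print("baseline:        ", egress_report(BASELINE, TACACS_SERVERS))
    print("with host routes:", egress_report(WITH_HOST_ROUTES, TACACS_SERVERS))
    print("off-mgmt servers:", off_mgmt(BASELINE, TACACS_SERVERS))
```

In this model the /32 entries win on prefix length regardless of metric, and all other destinations still follow the lower-cost default route.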