Wintrode_61162
Mar 24, 2011 | Nimbostratus
Is there a way to tie TACACS+ authentication traffic to mgmt IP/interface?
So here is the basic problem:
Management interface configured with an IP and default gateway only.
Only a default route defined on TMM.
Everything is reachable from both networks (i.e., you can get to the tacacs servers from either network).
In this scenario tacacs+ traffic routes out the TMM route since it is lower cost than the mgmt route and they are both equally specific (0.0.0.0).
I want to tie the tacacs+ traffic to the management IP without having to create management host routes (or more specific network routes for fear of breaking something down the line) to the tacacs servers. Basically I want to define the "local ip" used for tacacs, akin to what you can do for syslog. Is this at all possible, or are the more specific routes required to make this work? Is there a way to associate an IP with the tacacs daemon?
Thanks for the help.