Definition of the networking term source

I have heard the term source used a lot in networking. What exactly do people mean when they say things like:
please modify your config so you can source both ssh and tacacs to the loopback interface.
or
ping the device with a source address from network nn.n.n.n

My take is that the loopback interface should be assigned the IP address that will be used to ssh to the device and that the tacacs server should have an entry for the IP address assigned to the loopback interface. If so, wouldn't it have been easier to say please make sure you create a loopback interface and assign it the correct address?

I am not sure how you ping with an IP sourced from a particular network. I have tried on certain devices by just typing ping and then enter to get options, but I have not seen a source network option?
Dragon0x40 Asked:
DonConsolio Commented:
Source usually refers to the "sender" of a packet sent over the network.

If you have multiple interfaces on one machine and start a ping you can give the "-I" option to specify the sending interface

e.g. "ping -I nn.n.n.n pinghost"
0
Dragon0x40 (Author) Commented:
Thanks DonConsolio,

Is that ping - "eye" I or "ell" l? And is that from a Windows box or a router?

10.0.0.7 is the sending interface and pinghost is the device you want to ping?

On my XP computer the i option specifies TTL and the L option buffer size.

c:\>ping /?

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] target_name

Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.
0
muff Commented:
I think Windows XP will always use the exit interface as the source address of the IP packet. You don't get an option.

On Linux you have -I (capital i) to specify the interface. On IOS you can specify the source on the ping command line, or just type ping <return> and it will prompt you for the various parameters including interface.

This "please modify your config so you can source both ssh and tacacs to the loopback interface" is looking to set up something more permanent.  With IOS you can define a loopback interface, which is effectively a virtual interface.  You give it an IP address.

Then you can use the command:

   ip ssh source-interface loopback0

Which means that any ssh packets will originate with the ip address bound to the loopback0 interface.

0

Dragon0x40 (Author) Commented:
I just found out that you have to put a "y" in the extended commands prompt and it will ask for the source interface

#ping
Protocol [ip]:
Target IP address: nn.nnn.n.n
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: vlan###
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to nn.nnn.n.n, timeout is 2 seconds:
Packet sent with a source address of nn.nnn.n.n
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
0
Dragon0x40 (Author) Commented:
Thanks muff,

>> This "please modify your config so you can source both ssh and tacacs to the loopback interface" is looking to set up something more permanent. With IOS you can define a loopback interface, which is effectively a virtual interface. You give it an IP address.

>> Then you can use the command:

>> ip ssh source-interface loopback0

>> Which means that any ssh packets will originate with the ip address bound to the loopback0 interface.

Why would this be done? To allow this switch to match an ACL when it is used to form an SSH connection?
0
Dragon0x40 (Author) Commented:
I learned something else: By default the closest exit interface is used as the source for the SSH packet.

ip ssh source-interface
To specify the IP address of an interface as the source address for a Secure Shell (SSH) client device, use the ip ssh source-interface command in global configuration mode. To remove the IP address as the source address, use the no form of this command.

ip ssh source-interface interface

no ip ssh source-interface interface

Syntax Description
 interface    The interface whose address is used as the source address for the SSH client.

Defaults
The address of the closest interface to the destination is used as the source address (the closest interface is the output interface through which the SSH packet is sent).

Command Modes
Global configuration

Command History
 Release     Modification
 12.2(8)T    This command was introduced.

Usage Guidelines
By specifying this command, you can force the SSH client to use the IP address of the source interface as the source address.

Examples
In the following example, the IP address assigned to Ethernet interface 0 will be used as the source address for the SSH client:

ip ssh source-interface ethernet0
0
Dragon0x40 (Author) Commented:
So if the loopback address is what you identify your routers and switches by, then setting the "ip ssh source-interface" would make it easier for you to allow/deny ssh connections and to track what devices are connecting to other devices?
0
muff Commented:
Yeah - so it would guarantee that your ssh packets always come from a single source rather than the interface they happen to leave. This is good from a routing perspective and a security perspective. For example, if you are traversing firewalls, the source is the same no matter what your exit from the router.

The value of this is largely dependent on your architecture, but it is always a good idea to keep management traffic separate from general purpose traffic.
0
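
What "sourcing" a connection from a chosen address looks like to the receiving side, as an added example that is not part of the original thread: a client first lets the OS pick the source, then binds to a fixed address, and the listener applies an allowlist keyed on the source it sees. It assumes a Linux host (where all of 127.0.0.0/8 is local); the addresses, the allowlist and the function names are constructed for illustration, with 127.0.0.2 standing in for the loopback0 address.

```python
import ipaddress
import socket
import threading

# Constructed addresses (assumption: Linux, where 127.0.0.0/8 is all local).
SERVER_ADDR = "127.0.0.1"   # the device being connected to
MGMT_SOURCE = "127.0.0.2"   # stands in for the address on loopback0
ALLOWED_SOURCES = [ipaddress.ip_network("127.0.0.2/32")]  # receiver's "ACL"


def source_permitted(peer_ip):
    """ACL analogue: permit only peers whose source address is allowlisted."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in ALLOWED_SOURCES)


def observe_source(source_ip=None):
    """Connect to a local listener; return (source the listener saw, permitted)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((SERVER_ADDR, 0))   # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    seen = {}

    def accept_one():
        conn, (peer_ip, _peer_port) = listener.accept()
        seen["peer"] = peer_ip        # the "source" as the receiver sees it
        conn.close()

    worker = threading.Thread(target=accept_one)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if source_ip is not None:
        # Equivalent in spirit to a source-interface setting: fix the source
        # address instead of letting the OS derive it from the exit interface.
        client.bind((source_ip, 0))
    client.connect((SERVER_ADDR, port))
    client.close()
    worker.join(timeout=5)
    listener.close()
    return seen["peer"], source_permitted(seen["peer"])


if __name__ == "__main__":
    print("default source :", observe_source())
    print("explicit source:", observe_source(MGMT_SOURCE))
```
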