Solved

TACACS and VRF

Posted on 2014-07-30
Last Modified: 2014-08-05
Hi;
Is there a way to get TACACS authentication based on the VRF? We have a router that sends TACACS traffic to the company MPLS network, but we are not able to view what happens to it on its way to the TACACS server. Is there a way to bind the traffic to the VRF and later open the port on that FW... I just want to try it out? We are getting stopped right now.

Secondly, since the other ports are closed on the server, is there a way to ping port 49 and check for connectivity? Both TACACS and regular ping cmds do not yield much. Basically I am looking for a better way of checking if we reach the server, w/o using Cisco AAA config.

Thirdly, a friend of mine was telling me that the VRF needs to be defined even on the TACACS server; please confirm if that is right.
0
Question by:totaram
4 Comments
 
LVL 22

Expert Comment

by:eeRoot
ID: 40233268
You can control the source IP of a TACACS authentication request with the "ip tacacs source-interface" command (assuming you're using Cisco). You cannot ping port numbers, because the ICMP protocol does not use port numbers. You can use a port scanner tool to see what ports are open & not blocked by a firewall. The VRF does not need to be defined on the server (what does that even mean?), but the route to it needs to be operational.
0
 

Author Comment

by:totaram
ID: 40233329
Thanks eeRoot for shining light;
I have two further Q's; I would appreciate it if you could answer them.
1. So, the only way to check connectivity is via establishing the right Cisco config for TACACS?
2. Can you please explain a little bit how and where I can get hold of a port scanner tool? That precisely is our issue; we are unable to find where we are getting stopped.

Thanks again..
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 500 total points
ID: 40233410
1) Usually the only way to fully test TACACS is to actually set a device to use it for authentication.
2) The most common port scanning tool is Nmap - http://nmap.org/. Although if you have a firewall between your device and the TACACS server, Nmap may not be able to detect the firewall's presence.
0
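
An added example, not part of eeRoot's answer or the original thread: a single-port TCP reachability check for the TACACS+ port (TCP 49) that separates a completed handshake, a refused connection and a silent drop, which is the distinction the question is after. It runs from an ordinary host rather than from inside the router's VRF, so it tests the path from that host; the function name `probe_tcp` and the server address are illustrative assumptions.

```python
import errno
import socket

TACACS_PORT = 49  # TACACS+ runs over TCP port 49


def probe_tcp(host, port=TACACS_PORT, timeout=3.0, source_ip=None):
    """Attempt one TCP handshake and classify the outcome.

    open        - handshake completed; something is listening
    closed      - RST received; the path works but nothing listens there
    filtered    - no reply before the timeout; typically a silent firewall drop
    unreachable - a hop on the path reported no route to the host or network
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip:
            # Use the same source address the router would use (see
            # "ip tacacs source-interface") when the firewall rule is
            # written against a specific source.
            sock.bind((source_ip, 0))
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        if exc.errno == errno.ETIMEDOUT:
            return "filtered"
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # anything else (e.g. bad source address) is a local problem
    finally:
        sock.close()


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (RFC 5737) standing in for the
    # real TACACS+ server; replace it with the server's address.
    print(probe_tcp("192.0.2.10"))
```

A result of "closed" means packets reached the server and came back, so the firewall is not the blocker; "filtered" points at a device on the path dropping the traffic.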
 

Author Closing Comment

by:totaram
ID: 40242732
Thank you...
0
