Solved

TACACS and VRF

Posted on 2014-07-30
Last Modified: 2014-08-05
Hi;
Is there a way to get TACACS authentication based on the VRF? We have a router that sends TACACS traffic to the company MPLS network, but we are not able to view what happens to it on its way to the TACACS server. Is there a way to bind the traffic to the VRF and later open the port on that FW? I just want to try it out. We are getting stopped right now.

Secondly, since the other ports are closed on the server, is there a way to ping port 49 and check for connectivity? Both TACACS and regular ping cmds do not yield much. Basically I am looking for a better way of checking if we reach the server, w/o using Cisco AAA config.

Thirdly, a friend of mine was telling me that the VRF needs to be defined even on the TACACS server. Please confirm if that is right.
Question by:totaram

Expert Comment

by:eeRoot
ID: 40233268
You can control the source IP of a TACACS authentication request with the "ip tacacs source-interface" command (assuming you're using Cisco). You cannot ping port numbers, because the ICMP protocol does not use port numbers. You can use a port scanner tool to see what ports are open & not blocked by a firewall. The VRF does not need to be defined on the server (what does that even mean?), but the route to it needs to be operational.

Author Comment

by:totaram
ID: 40233329
Thanks eeRoot for shining light;
I have two further Q's, appreciate if you can answer those..
1. So, the only way to check connectivity is via establishing the right Cisco config for TACACS?
2. Can you please explain a little bit how and where I can get hold of a port scanner tool? That precisely is our issue, we are unable to find where we are getting stopped out.

Thanks again..

Accepted Solution

by:eeRoot (earned 500 total points)
ID: 40233410
1) Usually the only way to fully test TACACS is to actually set a device to use it for authentication.
2) The most common port scanning tool is Nmap (http://nmap.org/), although if you have a firewall between your device and the TACACS server, Nmap may not be able to detect the firewall's presence.

Author Closing Comment

by:totaram
ID: 40242732
Thank you...