Solved

TACACS and VRF

Posted on 2014-07-30
Last Modified: 2014-08-05
Hi;
Is there a way to get TACACS authentication based on the VRF? We have a router that sends TACACS traffic to the company MPLS network, but we are not able to view what happens to it on its way to the TACACS server. Is there a way to bind the traffic to the VRF and later open the port on that FW... I just want to try it out? We are getting stopped right now.

Secondly, since the other ports are closed on the server, is there a way to ping port 49 and check for connectivity? Both TACACS and regular ping cmds do not yield much. Basically I am looking for a better way of checking if we reach the server, w/o using Cisco AAA config.

Thirdly, a friend of mine was telling me that the VRF needs to be defined even on the TACACS server; please confirm if that is right?
Question by:totaram
4 Comments
 
LVL 22

Expert Comment

by:eeRoot
ID: 40233268
You can control the source IP of a TACACS authentication request with the "ip tacacs source-interface" command (assuming you're using Cisco). You cannot ping port numbers, because the ICMP protocol does not use port numbers. You can use a port scanner tool to see what ports are open & not blocked by a firewall. The VRF does not need to be defined on the server (what does that even mean?), but the route to it needs to be operational.
 

Author Comment

by:totaram
ID: 40233329
Thanks eeRoot for shining light;
I have two further Q's, appreciate if you can answer those..
1. So, the only way to check connectivity is via establishing right Cisco config for TACACS?
2. Can you please explain a little bit how and where can I get hold of port scanner tool? That precisely is our issue, we are unable to find where we are getting stopped out.

Thanks again..
 
LVL 22

Accepted Solution

by:
eeRoot earned 500 total points
ID: 40233410
1) Usually the only way to fully test TACACS is to actually set a device to use it for authentication.
2) The most common port scanning tool is Nmap - http://nmap.org/ Although if you have a firewall between your device and the TACACS server, Nmap may not be able to detect the firewall's presence.
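
A single-port reachability check for the TACACS+ port discussed in this thread, as an added example that is not part of the original answer or of any Cisco tooling. It tests the path from the host it runs on (not from the router's VRF), and the server address `192.0.2.10` and the function name `probe_tcp` are placeholders chosen for illustration.

```python
import errno
import socket
import time

TACACS_PORT = 49  # TACACS+ listens on TCP/49


def probe_tcp(host, port=TACACS_PORT, timeout=3.0, source_ip=None):
    """Attempt one TCP handshake and classify the result.

    Returns (state, detail) where state is:
      "open"        - SYN/ACK received; a listener answered on the port
      "closed"      - RST received; host (or a rejecting firewall) is reachable
      "filtered"    - no reply before the timeout; typical of a silent drop
      "unreachable" - local routing error or ICMP unreachable came back
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    started = time.monotonic()
    try:
        if source_ip:
            # Bind to a specific local address, similar in spirit to
            # "ip tacacs source-interface" choosing the source IP on the router.
            sock.bind((source_ip, 0))
        sock.connect((host, port))
        return "open", f"handshake completed in {time.monotonic() - started:.3f}s"
    except socket.timeout:
        return "filtered", f"no reply within {timeout}s"
    except ConnectionRefusedError:
        return "closed", "connection refused (RST)"
    except OSError as exc:
        name = errno.errorcode.get(exc.errno, str(exc.errno))
        return "unreachable", f"{name}: {exc.strerror}"
    finally:
        sock.close()


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder server IP.
    state, detail = probe_tcp("192.0.2.10")
    print(f"tcp/{TACACS_PORT}: {state} ({detail})")
```

An "open" result shows only that the TCP handshake to port 49 completes; it does not exercise TACACS authentication itself. A "filtered" result is the usual signature of a firewall silently dropping the traffic somewhere on the path.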
 

Author Closing Comment

by:totaram
ID: 40242732
Thank you...