Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

TACACS and VRF

Posted on 2014-07-30
4
352 Views
Last Modified: 2014-08-05
Hi;
Is there a way to get TACACS authentication based on the VRF? We have router that sends Tacacs traffic to company MPLS network, but we are not able to view what happens to it on its way to TACACS server, is there a way to bind the traffic to the VRF and later open the port on that FW... I just want to try it out? We are getting stopped right now.

Secondly, since the other ports are closed on the server, is there a way to ping port 49 and check for the connectivity? Both TACACS and regular ping cmds do not yield much. Basically I am looking for a better way of checking if we reach the server, w/o using cisco AAA config.

Thirdly, a friend of mine was telling that VRF needs to defined even on the TACACS server, please confirm if that is right?
0
Comment
Question by:totaram
  • 2
  • 2
4 Comments
 
LVL 22

Expert Comment

by:eeRoot
ID: 40233268
You can control the source IP of a TACACS authentication request with the "ip tacacs source-interface" command (assuming you're using Cisco).  You cannot ping port numbers, because the ICMP protocol does not use port numbers.  You can use a port scanner tool to see what ports are open & not blocked by a firewall.  The VRF does not need to be defined on the server, (what does that even mean?), but the route to it needs to operational.
0
 

Author Comment

by:totaram
ID: 40233329
Thanks eeRoot for shining light;
I have two further Q's, appreciate if you can answer those..
1. So, the only way to check connectivity is via establishing right Cisco config for TACACS?
2. Can you please explain a little bit how and where can I get hold of port scanner tool? That precisely is our issue, we are unable to find where we are getting stopped out.

Thanks again..
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 500 total points
ID: 40233410
1) Usually the only way to fully test TACACS, is to actually set a device to use it for authentication.
2) The most common port scanning tool is Nmap - http://nmap.org/   Although if you have a firewall between your device and the TACACS server, Nmap may not be able to detect the firewall's presence.
0
 

Author Closing Comment

by:totaram
ID: 40242732
Thank you...
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question