Solved

TACACS and VRF

Posted on 2014-07-30
Last Modified: 2014-08-05
Hi;
Is there a way to get TACACS authentication based on the VRF? We have a router that sends TACACS traffic to the company MPLS network, but we are not able to view what happens to it on its way to the TACACS server. Is there a way to bind the traffic to the VRF and later open the port on that FW... I just want to try it out? We are getting stopped right now.

Secondly, since the other ports are closed on the server, is there a way to ping port 49 and check for the connectivity? Both TACACS and regular ping cmds do not yield much. Basically I am looking for a better way of checking if we reach the server, w/o using Cisco AAA config.

Thirdly, a friend of mine was telling me that the VRF needs to be defined even on the TACACS server; please confirm if that is right?
Question by:totaram
4 Comments
 
LVL 22

Expert Comment

by:eeRoot
ID: 40233268
You can control the source IP of a TACACS authentication request with the "ip tacacs source-interface" command (assuming you're using Cisco).  You cannot ping port numbers, because the ICMP protocol does not use port numbers.  You can use a port scanner tool to see what ports are open & not blocked by a firewall.  The VRF does not need to be defined on the server (what does that even mean?), but the route to it needs to be operational.
0
 

Author Comment

by:totaram
ID: 40233329
Thanks eeRoot for shining light;
I have two further Q's, appreciate if you can answer those..
1. So, the only way to check connectivity is via establishing right Cisco config for TACACS?
2. Can you please explain a little bit how and where I can get hold of a port scanner tool? That precisely is our issue, we are unable to find where we are getting stopped out.

Thanks again..
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 2000 total points
ID: 40233410
1) Usually the only way to fully test TACACS is to actually set a device to use it for authentication.
2) The most common port scanning tool is Nmap - http://nmap.org/   Although if you have a firewall between your device and the TACACS server, Nmap may not be able to detect the firewall's presence.
0
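A single-port reachability check for TCP/49, as an added example that is not part of the original thread: it attempts one TCP handshake and reports whether the port answered, was actively refused, or was silently dropped, which is the distinction that helps locate where traffic is being stopped. The function name `probe_tcp` is hypothetical, and the check assumes it runs from a host that takes the same network path as the router; `source_ip` plays the role of "ip tacacs source-interface" when firewall rules depend on the source address. An "open" result shows TCP reachability only, not that TACACS authentication works.

```python
import errno
import socket
import sys

TACACS_PORT = 49  # TACACS+ runs over TCP port 49


def probe_tcp(host, port=TACACS_PORT, timeout=3.0, source_ip=None):
    """Attempt one TCP handshake and classify the result.

    "open"        - handshake completed, a service is listening
    "refused"     - a reset came back: the path works, but nothing is
                    listening or a device actively rejected the connection
    "filtered"    - no reply before the timeout, typical of a firewall or
                    ACL that silently drops the SYN
    "unreachable" - the local stack or an ICMP error reports no route
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip:
            # Pin the source address, since filtering may be per-source.
            sock.bind((source_ip, 0))
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py <server-ip> [source-ip]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    source = sys.argv[2] if len(sys.argv) > 2 else None
    print(target, TACACS_PORT, probe_tcp(target, source_ip=source))
```
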
 

Author Closing Comment

by:totaram
ID: 40242732
Thank you...
0
