Foundry Switch and Router Installation and Configuration Guide
The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+,
and RADIUS packets. You can configure a source interface for one or more of these types of packets.
To specify an Ethernet or POS port or a loopback or virtual interface as the source for all TACACS/TACACS+
packets from the device, use the following CLI method. The software uses the lowest-numbered IP address
configured on the port or interface as the source IP address for TACACS/TACACS+ packets originated by the
device.
To specify the lowest-numbered IP address configured on a virtual interface as the device's source for all
TACACS/TACACS+ packets, enter commands such as the following:
BigIron(config)# int ve 1
BigIron(config-vif-1)# ip address 10.0.0.3/24
BigIron(config-vif-1)# exit
BigIron(config)# ip tacacs source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then
designate the interface as the source for all TACACS/TACACS+ packets from the Layer 3 Switch.
Syntax: ip tacacs source-interface ethernet <portnum> | pos <portnum> | loopback <num> | ve <num>
The <num> parameter is a loopback interface or virtual interface number. If you specify an Ethernet or POS port,
the <portnum> is the port's number (including the slot number, if you are configuring a chassis device).
Displaying TACACS/TACACS+ Statistics and Configuration Information
The show aaa command displays information about all TACACS+ and RADIUS servers identified on the device.
For example:
BigIron# show aaa
Tacacs+ key: foundry
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 207.95.6.90 Port:49:
                opens=6 closes=3 timeouts=3 errors=0
                packets in=4 packets out=4
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 207.95.6.90 Auth Port=1645 Acct Port=1646:
                opens=2 closes=1 timeouts=1 errors=0
                packets in=1 packets out=4
no connection
The following table describes the TACACS/TACACS+ information displayed by the show aaa command.
Table 3.3: Output of the show aaa command for TACACS/TACACS+

| Field | Description |
|---|---|
| Tacacs+ key | The setting configured with the tacacs-server key command. At the Super User privilege level, the actual text of the key is displayed. At the other privilege levels, a string of periods (....) is displayed instead of the text. |
| Tacacs+ retries | The setting configured with the tacacs-server retransmit command. |
| Tacacs+ timeout | The setting configured with the tacacs-server timeout command. |
| Tacacs+ dead-time | The setting configured with the tacacs-server dead-time command. |
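Because show aaa prints the key text at the Super User privilege level, a script that collects this output for monitoring should mask the keys before storing it. The following is an added example, not part of the Foundry guide: it parses the output, redacts both keys, and reports servers with timeouts or errors. The function names and the layout of the sample (counter lines directly under their server line) are assumptions of this example.

```python
import re
# Constructed sample modelled on the show aaa output above; the placement of
# the counter lines under each server line is an assumption of this example.
SAMPLE = """\
Tacacs+ key: foundry
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 207.95.6.90 Port:49:
                opens=6 closes=3 timeouts=3 errors=0
                packets in=4 packets out=4
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 207.95.6.90 Auth Port=1645 Acct Port=1646:
                opens=2 closes=1 timeouts=1 errors=0
                packets in=1 packets out=4
no connection
"""

KEY_RE = re.compile(r"^(Tacacs\+|Radius) key:\s*(.*)$")
SERVER_RE = re.compile(r"^(Tacacs\+|Radius) Server:\s*(\S+)")
COUNTER_RE = re.compile(r"(opens|closes|timeouts|errors|packets in|packets out)=(\d+)")

def parse_show_aaa(text):
    """Return (redacted_text, servers, exposed_keys) for show aaa output."""
    redacted, servers, exposed = [], [], []
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            # A value made only of periods is the device's own masking.
            if key.group(2).strip(". "):
                exposed.append(key.group(1))
            line = f"{key.group(1)} key: ...."
        server = SERVER_RE.match(line)
        if server:
            servers.append({"proto": server.group(1), "addr": server.group(2)})
        elif servers:
            for name, value in COUNTER_RE.findall(line):
                servers[-1][name] = int(value)
        redacted.append(line)
    return "\n".join(redacted), servers, exposed

def servers_with_timeouts(servers):
    """Servers whose counters show at least one timeout or error."""
    return [f"{s['proto']} {s['addr']}" for s in servers
            if s.get("timeouts", 0) or s.get("errors", 0)]
```

A non-empty exposed_keys list means the capture was taken at a privilege level that reveals the key text, so the raw output should be handled as a secret.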
December 2000