[c-nsp] VRF and Tacas
Jurgen Marenda
jm at ilk.net
Wed Mar 16 18:03:13 EDT 2011
> If I remember right under the tacacs server configuration you need to tell
> it to use the vrf. This might be under the server group also.
Like this (on 876W):
!
aaa new-model
aaa authentication login default group custaaa local-case
aaa authentication enable default group custaaa enable
aaa authentication ppp default local-case
aaa authentication dot1x default group rad-dotx local-case
aaa authorization exec default group custaaa local if-authenticated
aaa accounting dot1x default start-stop group rad-dotx
aaa session-id common
!
aaa group server tacacs+ custaaa
 server 10.11.12.13
 ip tacacs source-interface Loopback0
!
aaa group server radius rad-dotx
 server 10.12.13.14 auth-port 1812 acct-port 1813
 server 10.13.14.15 auth-port 1812 acct-port 1813
 ip vrf forwarding pikatchu
!
! somehow redundant but necessary
tacacs-server host 10.11.12.13
radius-server host 10.12.13.14 auth-port 1812 acct-port 1813 key winniethepooh
radius-server host 10.13.14.15 auth-port 1812 acct-port 1813 key tiggerandco
!
The "aaa authentication ppp default local-case" is for BRI admin access
with local user/password when DSL is not working
and therefore the tacacs server is unreachable.
Hope this helps
Juergen.
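
An added example, not part of the message above: a small Python check over a saved running-config that lists each AAA server group, whether it carries `ip vrf forwarding`, and whether every `server` in a group also has the global `tacacs-server host` / `radius-server host` line the post describes as redundant but necessary. The name `audit_aaa`, the sample text and the key `EXAMPLEKEY` are constructed; it assumes the classic syntax shown in the post, with sub-mode lines indented by one space.

```python
import re

# Constructed sample modelled on the configuration in the post (key replaced).
SAMPLE = """\
aaa group server tacacs+ custaaa
 server 10.11.12.13
 ip tacacs source-interface Loopback0
!
aaa group server radius rad-dotx
 server 10.12.13.14 auth-port 1812 acct-port 1813
 server 10.13.14.15 auth-port 1812 acct-port 1813
 ip vrf forwarding pikatchu
!
tacacs-server host 10.11.12.13
radius-server host 10.12.13.14 auth-port 1812 acct-port 1813 key EXAMPLEKEY
"""

GROUP = re.compile(r"^aaa group server (tacacs\+|radius) (\S+)")
HOST = re.compile(r"^(tacacs|radius)-server host (\S+)")

def audit_aaa(config):
    """Return (groups, findings) for classic IOS AAA server-group syntax."""
    groups, global_hosts, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = GROUP.match(line)
        if m:  # entering a server-group sub-mode
            proto = m.group(1).rstrip("+")
            current = groups.setdefault(m.group(2), {"proto": proto, "servers": [], "vrf": None})
            continue
        if not line.startswith(" "):  # top-level line: the sub-mode has ended
            current = None
            m = HOST.match(line)
            if m:
                global_hosts.add((m.group(1), m.group(2)))
            continue
        words = line.split()
        if current is not None and words[0] == "server" and len(words) > 1:
            current["servers"].append(words[1])
        elif current is not None and words[:3] == ["ip", "vrf", "forwarding"] and len(words) == 4:
            current["vrf"] = words[3]
    findings = []
    for name, g in groups.items():
        if g["vrf"] is None:
            findings.append(f"{name}: no 'ip vrf forwarding', servers are reached via the global table")
        for ip in g["servers"]:
            if (g["proto"], ip) not in global_hosts:
                findings.append(f"{name}: server {ip} has no global {g['proto']}-server host line")
    return groups, findings
```

On the sample it reports that `custaaa` has no VRF and that `10.13.14.15` in `rad-dotx` lacks its global host line.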