SD-Branch


Radius/Tacacs NAD device

  • 1.  Radius/Tacacs NAD device

    Posted Mar 27, 2021 02:37 PM
    Hello,

    I have an SD-Branch configuration with a 9004 as VPNC in the Datacenter and a 9004 as BGW connected to a 6200F.
    In the DC there is also a CPPM server active.
    The routing is working and the switch can reach CPPM in the DC.

    I configured Tacacs authentication on the 6300F for switch login via CPPM.
    On CPPM I configured the 6300F switch IP as the NAD device with the correct secret.

    What I saw in the CPPM logging is that the VPNC is acting as Tacacs client and not the 6300F.
    Is the VPNC acting as a proxy?
    And how can I change this behaviour?



    ------------------------------
    Luca Roos
    ------------------------------


  • 2.  RE: Radius/Tacacs NAD device

    Posted Mar 28, 2021 09:54 AM
    Are you NATing that traffic at the headend?
    Do you have the following command defined?
    ip source-interface tacacs [Switch MGMT IP]


    ------------------------------
    Victor Fabian, ACEX#8
    Mobility Architect @ WEI
    ------------------------------



  • 3.  RE: Radius/Tacacs NAD device

    Posted Mar 30, 2021 04:23 AM
    Hi Victor,

    You pushed me in the right direction!
    "IP NAT" was enabled on the VPNC port (VLAN) that was connected to the LAN.
    I guess I enabled it because I was also missing a route to the branch subnets from a router in the DC.

    Solution: Added a static route on my router in the DC and disabled "ip nat" on the VPNC VLAN that connected my DC LAN.

    Thanks!

    ------------------------------
    Luca Roos
    ------------------------------
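The behaviour the thread converges on, as an added Python model that is not part of the thread and not code from any Aruba/HPE product: CPPM matches a NAD on the request's source IP, so NAT on the VPNC's DC-facing VLAN makes every TACACS request look like it came from the VPNC, and the `ip source-interface tacacs` setting from the reply only helps once the source address survives the path. All addresses, device names and the shared secret below are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses for the topology described in the thread (hypothetical).
SWITCH_MGMT_IP = "10.50.1.2"   # branch 6300F management address, the NAD CPPM expects
VPNC_LAN_IP = "10.10.0.1"      # VPNC VLAN facing the DC LAN; becomes the source when NAT is on
CPPM_IP = "10.10.0.50"

# CPPM NAD table: source IP -> (device name, shared secret). Only the switch is registered.
NAD_TABLE = {SWITCH_MGMT_IP: ("branch-6300f", "constructed-secret")}


@dataclass
class TacacsRequest:
    src_ip: str
    dst_ip: str
    secret: str


def build_request(switch_ip: str, source_interface: Optional[str]) -> TacacsRequest:
    """Switch side: 'ip source-interface tacacs <ip>' pins the source address;
    without it the switch address itself is used in this model."""
    src = source_interface or switch_ip
    return TacacsRequest(src_ip=src, dst_ip=CPPM_IP, secret="constructed-secret")


def vpnc_forward(req: TacacsRequest, nat_enabled: bool) -> TacacsRequest:
    """VPNC side: with 'ip nat' on the DC-facing VLAN the source is rewritten
    to the VPNC VLAN address, so CPPM can no longer tell which NAD sent it."""
    if nat_enabled:
        return TacacsRequest(src_ip=VPNC_LAN_IP, dst_ip=req.dst_ip, secret=req.secret)
    return req


def cppm_identify_nad(req: TacacsRequest) -> Optional[str]:
    """CPPM side: look the NAD up by source IP, then verify the shared secret."""
    entry = NAD_TABLE.get(req.src_ip)
    if entry is None:
        return None          # unknown NAD: CPPM logs the VPNC address, as seen in the thread
    name, secret = entry
    return name if secret == req.secret else None


def simulate(nat_enabled: bool, source_interface: Optional[str] = None) -> Optional[str]:
    """Run one switch-login request through VPNC and CPPM; returns the matched NAD name."""
    req = vpnc_forward(build_request(SWITCH_MGMT_IP, source_interface), nat_enabled)
    return cppm_identify_nad(req)


if __name__ == "__main__":
    print("NAT on VPNC VLAN :", simulate(nat_enabled=True))    # None
    print("NAT disabled     :", simulate(nat_enabled=False))   # branch-6300f
```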