<div dir="ltr"><div>All users can execute ip route A.A.A.A B.B.B.B <VlanX/GigabitX> <next-hop IP>. However, without <VlanX/GigabitX>, tacacs should reject it.<br><br>Meaning the ip route command would have to contain a VLAN or Interface specifier , or be rejected.<br><br>Here are some examples:<br><br>Good static route – accepted:<br>ip route 192.168.1.128 255.255.255.192 Vlan1686 192.168.1.6 name foo_to_bar<br>ip route 192.168.2.0 255.255.255.0 TenGigabitEthernet4/16.689 192.168.2.12<br>ip route vrf S609150:1678 172.26.0.0 255.255.0.0 Vlan1682 10.35.174.33<br><br>Bad static route: - rejected:<br>ip route vrf s617:securities-micro:B 192.168.7.60 255.255.255.255 192.168.7.58<br>ip route 172.29.141.48 255.255.255.240 172.26.250.73 name bar_to_foo<br><br></div>Thanks<br clear="all"><div><br>-- <br><div class="gmail_signature">Asif Iqbal<br>PGP Key: 0xE62693C5 KeyServer: <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>A: Because it messes up the order in which people normally read text.<br>Q: Why is top-posting such a bad thing?<br><br></div>
</div></div>