[tac_plus] Re: tac plus acl problem with specific ip address
john heasley
heas at shrubbery.net
Mon Jan 28 16:59:44 UTC 2008
Mon, Jan 28, 2008 at 08:15:18PM +0800, Tomas TRIYOSO:
> Hi,
>
> I have a problem with the tacacs plus implementation that I downloaded from
> ftp://ftp.shrubbery.net/pub/tac_plus
>
> The ACL below was implemented on the group HKG-OPS.
>
> acl = limit_hkg-ops {
> permit = 10.7.7\.
> permit = 172.16.113\.
> permit = 172.16.115\.
> permit = 10.5.21.2
> permit = 172.31.7.2
> permit = 172.16.115.4
> permit = 172.16.115.5
> permit = 172.16.116.254
> }
>
> The HKG-OPS groups successfully log in to the above IP addresses, except
> 172.16.116.254.
>
> I also tried removing all the other IP addresses so the acl looks like below:
>
> acl = limit_hkg-ops {
> permit = 172.16.116.254
> }
>
> The HKG-OPS groups still cannot log in to that device, with the message: "%
> authentication failure"
>
> Meanwhile the other group, without an acl implemented, successfully logs in to
> the device.

check the source ip of the device's connection. i.e.:

    ip tacacs source-interface X
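
The point of the reply, as an added example that is not part of the original thread or of tac_plus itself: the ACL is checked against the address the device's TACACS+ connection comes from, which need not be the address operators log in to. The evaluation model (unanchored regex search, first match wins, implicit deny), the `tighten` helper and the sample addresses 172.16.200.1 and 172.31.7.25 are assumptions made for illustration.

```python
import re

# ACL from the post, in file order. Patterns are kept exactly as posted.
ACL_LIMIT_HKG_OPS = [
    ("permit", r"10.7.7\."),
    ("permit", r"172.16.113\."),
    ("permit", r"172.16.115\."),
    ("permit", r"10.5.21.2"),
    ("permit", r"172.31.7.2"),
    ("permit", r"172.16.115.4"),
    ("permit", r"172.16.115.5"),
    ("permit", r"172.16.116.254"),
]

def acl_decision(acl, source_ip):
    """Assumed model: unanchored regex search, first match wins, implicit deny."""
    for action, pattern in acl:
        if re.search(pattern, source_ip):
            return action, pattern
    return "deny", None

def tighten(pattern):
    """Anchor an entry and escape every dot; a trailing dot marks a prefix entry."""
    literal = pattern.replace("\\", "")
    tail = "" if literal.endswith(".") else "$"
    return "^" + re.escape(literal) + tail

# Hypothetical stricter form of the same ACL, built for comparison only.
STRICT_ACL = [(action, tighten(p)) for action, p in ACL_LIMIT_HKG_OPS]

if __name__ == "__main__":
    samples = [
        ("172.16.116.254", "address the operators log in to"),
        ("172.16.200.1", "constructed: address the device sources TACACS+ from"),
        ("172.31.7.25", "constructed: neighbour of a listed host"),
    ]
    for ip, note in samples:
        print(f"{ip:16} posted={acl_decision(ACL_LIMIT_HKG_OPS, ip)[0]:7}"
              f" strict={acl_decision(STRICT_ACL, ip)[0]:7} {note}")
```

Under this model the posted ACL denies the device when its packets leave from another interface, and the unanchored entry for 172.31.7.2 also admits 172.31.7.25, which the anchored form rejects.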