Installation and Getting Started Guide

Specifying a Single Source Interface for Telnet, TACACS/TACACS+, or RADIUS Packets

When the routing switch originates a Telnet, TACACS/TACACS+, or RADIUS packet, the source address of the packet is the lowest-numbered IP address on the interface that sends the packet. You can configure the routing switch to always use the lowest-numbered IP address on a specific interface as the source address for these types of packets. When you configure the routing switch to use a single source interface for all Telnet, TACACS/TACACS+, or RADIUS packets, the routing switch uses the same IP address as the source for all packets of the specified type, regardless of the port(s) that actually send the packets.

Identifying a single source IP address for Telnet, TACACS/TACACS+, or RADIUS packets provides the following benefits:

If your Telnet, TACACS/TACACS+, or RADIUS server is configured to accept packets only from specific IP addresses, you can use this feature to simplify configuration of the server by configuring the device to always send the packets from the same link or source address.

If you specify a loopback interface as the single source for Telnet, TACACS/TACACS+, or RADIUS packets, servers can receive the packets regardless of the states of individual links. Thus, if a link to the server becomes unavailable but the client or server can be reached through another link, the client or server still receives the packets, and the packets still have the source IP address of the loopback interface.

The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+, or RADIUS packets. You can configure a source interface for one or more of these types of packets separately.

To specify an Ethernet port or a loopback or virtual interface as the source for all TACACS/TACACS+ packets from the device, use the following CLI method. The software uses the lowest-numbered IP address configured on the port or interface as the source IP address for TACACS/TACACS+ packets originated by the device.

USING THE CLI

The following sections show the syntax for specifying a single source IP address for Telnet, TACACS/TACACS+, and RADIUS packets.

Telnet Packets

To specify the lowest-numbered IP address configured on a virtual interface as the device’s source for all Telnet packets, enter commands such as the following:

HP9300(config)# int loopback 2

HP9300(config-lbif-2)# ip address 10.0.0.2/24

HP9300(config-lbif-2)# exit

HP9300(config)# ip telnet source-interface loopback 2

The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then designate the interface as the source for all Telnet packets from the routing switch.

Syntax: ip telnet source-interface ethernet <portnum> | loopback <num> | ve <num>

The <num> parameter is a loopback interface or virtual interface number. If you specify an Ethernet port, the <portnum> is the port’s number (including the slot number, if you are configuring a chassis device).

The following commands configure an IP interface on an Ethernet port and designate the port's address as the source for all Telnet packets from the routing switch.

HP9300(config)# interface ethernet 1/4

HP9300(config-if-1/4)# ip address 209.157.22.110/24

HP9300(config-if-1/4)# exit

HP9300(config)# ip telnet source-interface ethernet 1/4
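
Added example (not part of the HP guide): a Python check that reads a CLI transcript in the form shown above, works out which address the lowest-numbered rule selects for each "ip <type> source-interface" command, and compares it with the addresses a server is set to accept. The function names, the extra 10.0.5.2/24 address and the allowlist values are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the page's loopback example plus one extra address
# (10.0.5.2/24, constructed) to exercise the lowest-numbered rule.
SAMPLE = """\
HP9300(config)# int loopback 2
HP9300(config-lbif-2)# ip address 10.0.5.2/24
HP9300(config-lbif-2)# ip address 10.0.0.2/24
HP9300(config-lbif-2)# exit
HP9300(config)# ip telnet source-interface loopback 2
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
IFACE = re.compile(r"^int(?:erface)?\s+(ethernet|loopback|ve)\s+(\S+)$")
ADDR = re.compile(r"^ip address\s+(\S+)$")
SRC = re.compile(r"^ip\s+(\S+)\s+source-interface\s+(ethernet|loopback|ve)\s+(\S+)$")

def source_addresses(transcript):
    """Map packet type -> source IP the device will use (None if unresolved)."""
    addrs, sources, current = {}, {}, None
    for raw in transcript.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := IFACE.match(line):
            current = (m[1], m[2])            # entered an interface context
            addrs.setdefault(current, [])
        elif line == "exit":
            current = None
        elif current and (m := ADDR.match(line)):
            addrs[current].append(ipaddress.ip_interface(m[1]).ip)
        elif m := SRC.match(line):
            sources[m[1]] = (m[2], m[3])      # e.g. telnet -> (loopback, 2)
    # The device uses the lowest-numbered address on the designated interface.
    return {ptype: (str(min(addrs[i])) if addrs.get(i) else None)
            for ptype, i in sources.items()}

def rejected_by_server(transcript, server_allowlist):
    """Packet types whose source address is missing or not on the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in server_allowlist}
    return sorted(p for p, ip in source_addresses(transcript).items()
                  if ip is None or ipaddress.ip_address(ip) not in allowed)

if __name__ == "__main__":
    print(source_addresses(SAMPLE))
    print(rejected_by_server(SAMPLE, ["10.0.5.2"]))
```

A result of None means the designated interface has no IP address in the transcript, so the server-side allowlist entry cannot be confirmed from the configuration alone.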

TACACS/TACACS+ Packets

To specify the lowest-numbered IP address configured on a virtual interface as the device’s source for all TACACS/TACACS+ packets, enter commands such as the following:

HP9300(config)# int ve 1

HP9300(config-vif-1)# ip address 10.0.0.3/24

HP9300(config-vif-1)# exit
