HP (Hewlett-Packard) 9304M Switch User Manual


 
Installation and Getting Started Guide
Specifying a Single Source Interface for Telnet, TACACS/TACACS+, or RADIUS Packets
When the routing switch originates a Telnet, TACACS/TACACS+, or RADIUS packet, the source address of the
packet is the lowest-numbered IP address on the interface that sends the packet. You can configure the routing
switch to always use the lowest-numbered IP address on a specific interface as the source address for these types
of packets. When you configure the routing switch to use a single source interface for all Telnet,
TACACS/TACACS+, or RADIUS packets, the routing switch uses the same IP address as the source for all packets of the
specified type, regardless of the port(s) that actually send the packets.
Identifying a single source IP address for Telnet, TACACS/TACACS+, or RADIUS packets provides the following
benefits:
• If your Telnet, TACACS/TACACS+, or RADIUS server is configured to accept packets only from specific IP
  addresses, you can use this feature to simplify configuration of the server by configuring the device to always
  send the packets from the same link or source address.
• If you specify a loopback interface as the single source for Telnet, TACACS/TACACS+, or RADIUS packets,
  servers can receive the packets regardless of the states of individual links. Thus, if a link to the server
  becomes unavailable but the client or server can be reached through another link, the client or server still
  receives the packets, and the packets still have the source IP address of the loopback interface.
The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+,
or RADIUS packets. You can configure a source interface for one or more of these types of packets separately.
To specify an Ethernet port or a loopback or virtual interface as the source for all TACACS/TACACS+ packets from
the device, use the following CLI method. The software uses the lowest-numbered IP address configured on the
port or interface as the source IP address for TACACS/TACACS+ packets originated by the device.
USING THE CLI
The following sections show the syntax for specifying a single source IP address for Telnet, TACACS/TACACS+,
and RADIUS packets.
Telnet Packets
To specify the lowest-numbered IP address configured on a virtual interface as the device's source for all Telnet
packets, enter commands such as the following:
HP9300(config)# int loopback 2
HP9300(config-lbif-2)# ip address 10.0.0.2/24
HP9300(config-lbif-2)# exit
HP9300(config)# ip telnet source-interface loopback 2
The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then
designate the interface as the source for all Telnet packets from the routing switch.
Syntax: ip telnet source-interface ethernet <portnum> | loopback <num> | ve <num>
The <num> parameter is a loopback interface or virtual interface number. If you specify an Ethernet port, the
<portnum> is the port's number (including the slot number, if you are configuring a chassis device).
The following commands configure an IP interface on an Ethernet port and designate the port as the
source for all Telnet packets from the routing switch.
HP9300(config)# interface ethernet 1/4
HP9300(config-if-1/4)# ip address 209.157.22.110/24
HP9300(config-if-1/4)# exit
HP9300(config)# ip telnet source-interface ethernet 1/4
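The following is an added example, not part of the HP manual: a Python check that resolves which address a configured source interface yields and compares it with the addresses the server accepts. It reads "lowest-numbered" as numerically lowest; the sample configuration, the allowed-address set and the function names are constructed for illustration, and matching packet types other than Telnet is an assumption.

```python
import ipaddress
import re

# Constructed running-config fragment modelled on the Telnet examples above.
# The second address on loopback 2 is added to exercise the lowest-address rule.
SAMPLE_CONFIG = """\
interface loopback 2
 ip address 10.0.0.9/24
 ip address 10.0.0.2/24
!
interface ethernet 1/4
 ip address 209.157.22.110/24
!
ip telnet source-interface loopback 2
"""

IFACE_RE = re.compile(r"^int(?:erface)?\s+(ethernet|loopback|ve)\s+(\S+)$")
ADDR_RE = re.compile(r"^ip address\s+(\S+)/\d+$")
# Generic over the packet type; only the "telnet" form is shown on this page.
SRC_RE = re.compile(r"^ip\s+(\S+)\s+source-interface\s+(ethernet|loopback|ve)\s+(\S+)$")


def source_addresses(config):
    """Map packet type -> (interface name, source IP or None)."""
    addrs, chosen, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := IFACE_RE.match(line):
            current = f"{m.group(1)} {m.group(2)}"
            addrs.setdefault(current, [])
        elif m := SRC_RE.match(line):
            chosen[m.group(1)] = f"{m.group(2)} {m.group(3)}"
        elif current and (m := ADDR_RE.match(line)):
            addrs[current].append(ipaddress.ip_address(m.group(1)))
    # Assumption: "lowest-numbered" means the numerically lowest address.
    return {p: (i, min(addrs.get(i) or [None])) for p, i in chosen.items()}


def audit(config, allowed_sources):
    """Return (packet type, finding) pairs; an empty list means no findings."""
    findings = []
    for ptype, (iface, ip) in source_addresses(config).items():
        if ip is None:
            findings.append((ptype, f"{iface} has no IP address"))
        elif str(ip) not in allowed_sources:
            findings.append((ptype, f"{ip} not accepted by the server"))
        if not iface.startswith("loopback"):
            findings.append((ptype, f"{iface} is not a loopback interface"))
    return findings
```

Calling audit(SAMPLE_CONFIG, {"10.0.0.2"}) returns an empty list, because loopback 2 resolves to 10.0.0.2 and the server accepts that address.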
TACACS/TACACS+ Packets
To specify the lowest-numbered IP address configured on a virtual interface as the device's source for all
TACACS/TACACS+ packets, enter commands such as the following:
HP9300(config)# int ve 1
HP9300(config-vif-1)# ip address 10.0.0.3/24
HP9300(config-vif-1)# exit