Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Routing Question 2

Status
Not open for further replies.

Almin

Technical User
Mar 1, 2010
137
US
Hi All,

We are getting ready to implement tacacs into our network, and I came to a problem. We have over 300 devices to upgrade running EIGRP. The subnet that I have been given to use for loopback address for tacacs source is 172.10.10.1 255.255.255.255

The problem is that I have to put that in the eigrp statement as
network 172.10.10.1 0.0.0.0

but the problem is that I cannot advertise that same block on all 300+ devices. is there a way around this using some fancy routing? The IT want to keep the source on a loopback so I cannot use any physical interfaces, and we dont have any other virtual interfaces configured like vlans etc

I have not been given more than that one IP address.

Any Ideas?
Thanks

 
Not possible. Each device needs a unique address if you want 2-way communications. 'Anycast' is the term used where you have multiple devices with the same IP address each offering the same service - this is typically used for redundancy and for client devices to reach the closest 'server' - MSDP springs to mind.

I suggest you go back to whoever dishes out IP addresses and tell them you need a /23 subnet.

Andy
 
I think they mean that is going to be the tacacs server address and you have to use that in your configs in your devices. If that subnet is already in your network and defined on Eigrp then the devices would know how to get to that address once the address is defined in your devices as the tacacs server address . Have you check to see if there is an entry for the 172.10.10.X network already ? Makes no sense to have the same address on all devices as a loopback. Think you have to get clarification as to what exactly they want.
 
No, the tacacs server ip is a different ip. I will need more ips in order to do this at least a /23 as mentioned by ADB100

Thanks
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top