Chapter 29: Security
STANDARD Revision 1.0 C4® CMTS Release 8.3 User Guide
© 2016 ARRIS Enterprises LLC. All Rights Reserved. 853
If a loopback interface is defined on the system, the CMTS uses the IPv4 address of the lowest loopback for the
TACACS+ traffic.
If no loopback is defined, the CMTS uses the lowest interface (cable-mac or Ethernet) that is active and configured
with an IPv4 address at the time that in-band management is enabled on the C4 CMTS.
If a TACACS+ source interface is configured, but the respective interface is administratively shut down, the C4
CMTS continues to use the IPv4 address of the configured source interface as the source for TACACS+. The
TACACS+ server will not be reachable as long as the source interface is shut down.
If in-band management is disabled, all the management traffic (including TACACS+) is sourced from the IPv4 address of
the Ethernet port on the SCM, and the source-interface setting is ignored.
If a TACACS+ source interface is configured, and the respective interface is administratively up, but down because of
external factors (bad cable, remote end down, RCM failure, etc.), TACACS+ will continue to be sourced from the
configured IPv4 address of the configured source interface.
If multiple IPv4 addresses are present on the interface configured as a TACACS+ source interface, the primary address
on that interface is used as the source IP address.
If an IPv4 address is not configured on the TACACS+ source interface, the C4 CMTS falls back to the default behavior
until a valid IPv4 address is configured on the respective interface.
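The selection rules above, modelled as an added Python example (not ARRIS code or CLI output) that predicts which source address the TACACS+ server's client list must permit. Interface names, ordering values and addresses are constructed, and "lowest" is assumed to mean the smallest ordering value.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Iface:
    name: str                      # constructed names, e.g. "loopback 0", "cable-mac 1"
    order: int                     # assumption: "lowest" means smallest order value
    primary_ipv4: Optional[str] = None
    admin_up: bool = True
    oper_up: bool = True

def default_source(ifaces: List[Iface]) -> Optional[str]:
    """Lowest loopback if one is defined, else lowest active interface with IPv4."""
    # Assumption: a loopback counts as defined only once it has an IPv4 address.
    loopbacks = [i for i in ifaces if i.name.startswith("loopback") and i.primary_ipv4]
    if loopbacks:
        return min(loopbacks, key=lambda i: i.order).primary_ipv4
    active = [i for i in ifaces
              if i.primary_ipv4 and i.admin_up and i.oper_up
              and not i.name.startswith("loopback")]
    return min(active, key=lambda i: i.order).primary_ipv4 if active else None

def tacacs_source(ifaces: List[Iface], in_band: bool, scm_ipv4: str,
                  source_if: Optional[str] = None) -> Tuple[Optional[str], bool]:
    """Return (source IPv4, blocked_by_shutdown) for TACACS+ traffic."""
    if not in_band:
        # In-band management disabled: SCM Ethernet address, setting ignored.
        return scm_ipv4, False
    cfg = next((i for i in ifaces if i.name == source_if), None)
    if cfg and cfg.primary_ipv4:
        # The address is kept even when the interface is shut down or
        # operationally down; an administrative shutdown blocks the server.
        return cfg.primary_ipv4, not cfg.admin_up
    # No source interface, or it has no IPv4 address yet: default behavior.
    return default_source(ifaces), False

# Constructed inventory (documentation address ranges, not from the guide).
SAMPLE = [
    Iface("loopback 0", 0, "192.0.2.1"),
    Iface("cable-mac 1", 1, "198.51.100.1", oper_up=False),
    Iface("cable-mac 2", 2, None),
    Iface("gigabitEthernet 17/0", 3, "203.0.113.1", admin_up=False),
]
SCM = "192.0.2.250"
```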
Feature Interactions
This functionality applies only when the C4 is managed in-band. When out-of-band management is enabled, the
Ethernet management IP address is used as the source for TACACS+ traffic.
Configuring TACACS+ Source Interface
Table 107. Configuration Commands
Purpose                                                  Command
Use IP address of a cable-mac interface as the source    configure tacacs source-interface cable-mac <int> [no]
Use IP address of a gigE interface as the source         configure tacacs source-interface gigabitEthernet <slot>/<port> [no]