Hi All,

We are getting ready to implement tacacs into our network, and I came to a problem. We have over 300 devices to upgrade running EIGRP. The subnet that I have been given to use for loopback address for tacacs source is 172.10.10.1 255.255.255.255

I have to put that in the eigrp statement as
network 172.10.10.1 0.0.0.0

but the problem is that I cannot advertise that same block on all 300+ devices. is there a way around this using some fancy routing? The IT want to keep the source on a loopback so I cannot use any physical interfaces, and we dont have any other virtual interfaces configured like vlans etc

I have not been given more than that one IP address.

Any Ideas?
Thanks

How in the world to you plan on differentiating between your devices in your TACACS server? That is impossible.

I dont know what you are asking me. If you are telling me that this isnt working I can tell you that it is if I use diffrent subnet for each device.

What willroute4food is saying is that if you were to have 300 routers all with the TACACS source of 192.168.1.1 then the return packet from the TACACS server would never (well 1/300) get back to the right router.

Are you sure they didn't give you the whole /23 or something to use for loopbacks and to only use a /32 on each one for the loopback?

_________________
---
David
CCIE R&S #38338, CCIP, CCNP

http://networkbroadcast.co.uk - My Blog
http://twitter.com/davidrothera

Correct, if you put this:
router eigrp 100
network 172.10.10.1 0.0.0.0

on every single router then your dicked (with the exact same ip on all your loopbacks). Thats exactly what Im saying. Now, if they gave you a /23 and said use a 32 bit mask for every address, then your ok. That snippet above, along with a /32 bit mask on the interface will only advertise a /32 (auto-summary be damned) to the network...and that is doable. But if what your saying is that you only have 1 ip address for 300 routers then your screwed from the git-go.

ya, you will need a range of ip's
put in management vlan
secure.

watch out for routers it could mess up some routing if the RID changes at the next reboot.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

That is what I thought... I will ask for a /23 to do this upgrade.

thanks