The source IP selection policy
The source IP address selection for the application protocols is defined through assignment of one of the following policies:
Outgoing Interface—the IP address of the outgoing IP interface is used as the source IP address. This is the default policy and the default behavior of applications.
Configured IP Address—the specific IP address that is used as the source IP address. This address is configured on one of the switch’s IP interfaces, either a VLAN interface or a Loopback interface.
Configured IP Interface—the IP address from the specific IP interface (VLAN or Loopback) is used as the source IP address. If there are multiple IP addresses assigned (multinetting, for example), the lowest IP address is used.
If the selection policy cannot be executed because the interface does not have an IP address configured, does not exist, or is down, the application protocol uses the default Outgoing Interface policy. A warning message is displayed, but the configuration changes are accepted. When using the show ip source-interface status command to display information about the source IP address selection policy, the administratively-assigned source IP selection policy and the actual (operational) source IP selection policy in effect are displayed.
The operational source IP selection policy may be different from the assigned source selection policy if the IP interface does not exist or is down. In this case, the default of Outgoing Interface appears as the operational policy, as shown in the following example.
The administratively-assigned source IP selection policy differing from the operational policy
switch(config)# show ip source-interface detail tacacs Source-IP Detailed Information Protocol : Tacacs Admin Policy : Configured IP Interface Oper Policy : Outgoing Interface Source IP Interface : Vlan 22 Source IP Address : 10.10.10.4 Source Interface State : Down
Below is an example of assigning a specific source IP address for a RADIUS application. The administrative policy is Configured IP Address.
A specific IP address assigned for the RADIUS application protocol
switch(config)# ip source-interface radius address 10.10.10.2 switch(config)# show ip source-interface radius Source-IP Configuration Information Protocol | Admin Selection Policy IP Interface IP Address -------- + ----------------------- -------------- -------------- Radius | Configured IP Address vlan 3 10.10.10.2
In the example below, a VLAN interface (VLAN 22) is specified as the source IP address for TACACS. The administrative policy is Configured IP Interface.
Using a VLAN interface as the source IP address for TACACS
switch(config)# ip source-interface tacacs vlan 22 switch(config)# show ip source-interface tacacs Source-IP Configuration Information Protocol | Admin Selection Policy IP Interface IP Address -------- + ----------------------- -------------- -------------- Tacacs | Configured IP Interface vlan 22 10.10.10.4
The next example shows a VLAN interface being specified as the source IP address for logging. The administrative policy is Configured IP Interface.
Using a VLAN interface as the source IP Address for logging (Syslog)
switch(config)# ip source-interface syslog vlan 10 switch(config)# show ip source-interface syslog Source-IP Configuration Information Protocol | Admin Selection Policy IP Interface IP Address -------- + ----------------------- -------------- -------------- Syslog | Configured IP Interface vlan 10 10.10.10.10