Configuring a single source IP address

Overview

This feature applies to the following software applications:

  • RADIUS

  • SFlow

  • SNTP

  • System Logging applications

  • TACACS

  • Telnet

  • TFTP

The above IP-based software applications use a client-server communication model, that is, the client’s source IP address is used for unique client identification. The source IP address is determined by the system and is usually the IP address of the outgoing interface in the routing table. However, routing switches may have multiple routing interfaces due to load balancing or routing redundancy, and outgoing packets can potentially be sent by different paths at different times. This results in different source IP addresses, which creates a client identification problem on the server site. For example, there is no way to designate a fixed IP address for outgoing packets for RADIUS or TACACS, so it is necessary to configure in the RADIUS or TACACS database all possible IP addresses that are configured on the switch as valid clients. When using system logging, it can be difficult to interpret the logging and accounting data on the server site as the same client can be logged with different IP addresses.

To decrease the amount of administrative work involved, a configuration model is provided that allows the selection of an IP address to use as the source address for all outgoing traffic generated by a specified software application on the switch. This allows unique identification of the software application on the server site regardless of which local interface has been used to reach the destination server.

Specifying the source IP address

The CLI command ip source-interface is used to specify the source IP for an application. Different source IP addresses can be used for different software applications, but only one source IP address can be specified for each application.

Syntax

[no] ip source-interface <radius | sflow | sntp | syslog | tacacs | telnet | tftp | all> <loopback <id> | vlan <vlan-id> | address <ip-address>>

Determines the source IP address used by the specified software application when transmitting IP packets. The all parameter can be used to set one IP address for all the listed applications.

The no version of the command cancels the configuration and the application reverts to its default behavior. The system determines the source IP address of outgoing application-specific IP packets at packet transmission time.

loopback <id> : Specifies that the IP address of the loopback interface is used as the source IP address in outgoing packets. If the loopback interface has no IP address, then the application reverts to the default behavior. If more than one IP address is configured, then the lowest IP address is used.

vlan <vlan-id>: Specifies that the IP address of the indicated VLAN interface is used as the source IP address of outgoing packets. If the specified VLAN interface has no IP address configured, or is down, then the application reverts to the default behavior. If more than one IP address is configured, then the lowest IP address is used.

address <ip-address> : Specifies the IP address that should be used as the source IP address of outgoing packets. The IP address must be a valid IP address configured on one of the switch’s VLAN or loopback interfaces. If the interface is down, then the application reverts to the default behavior.

The source IP selection policy

The source IP address selection for the application protocols is defined through assignment of one of the following policies:

  • Outgoing Interface—the IP address of the outgoing IP interface is used as the source IP address. This is the default policy and the default behavior of applications.

  • Configured IP Address—the specific IP address that is used as the source IP address. This address is configured on one of the switch’s IP interfaces, either a VLAN interface or a Loopback interface.

  • Configured IP Interface—the IP address from the specific IP interface (VLAN or Loopback) is used as the source IP address. If there are multiple IP addresses assigned (multinetting, for example), the lowest IP address is used.

If the selection policy cannot be executed because the interface does not have an IP address configured, does not exist, or is down, the application protocol uses the default Outgoing Interface policy. A warning message is displayed, but the configuration changes are accepted. When using the show ip source-interface status command to display information about the source IP address selection policy, the administratively-assigned source IP selection policy and the actual (operational) source IP selection policy in effect are displayed. The operational source IP selection policy may be different from the assigned source selection policy if the IP interface does not exist or is down. In this case, the default of Outgoing Interface appears as the operational policy (See example below).

The administratively-assigned source IP selection policy differing from the operational policy

HP Switch(config)# show ip source-interface detail

 Source-IP Detailed Information

  Protocol : Tacacs
  Admin Policy           : Configured IP Interface
  Oper Policy            : Outgoing Interface
  Source IP Interface    : Vlan 22
  Source IP Address      : 10.10.10.4
  Source Interface State : Down

The no form of the ip source-interface command reverts the application protocols to the default behavior. The Outgoing Interface policy is used.

Below is an example of assigning a specific source IP address for a RADIUS application. The administrative policy is Configured IP Address.

A specific IP address assigned for the RADIUS application protocol

HP Switch(config)# ip source-interface radius address 10.10.10.2

HP Switch(config)# show ip source-interface radius

  Source-IP Configuration Information

  Protocol | Admin Selection Policy  IP Interface   IP Address
  -------- + ----------------------- -------------- --------------
  Radius   | Configured IP Address   vlan 3         10.10.10.2

In the example below, a VLAN interface (VLAN 22) is specified as the source IP address for TACACS. The administrative policy is Configured IP Interface.

Using a VLAN interface as the source IP address for TACACS

HP Switch(config)# ip source-interface tacacs vlan 22

HP Switch(config)# show ip source-interface tacacs

  Source-IP Configuration Information

   Protocol | Admin Selection Policy  IP Interface   IP Address
   -------- + ----------------------- -------------- --------------
   Tacacs   | Configured IP Interface vlan 22        10.10.10.4

The next example shows a VLAN interface being specified as the source IP address for logging. The administrative policy is Configured IP Interface.

Using a VLAN interface as the source IP Address for logging (Syslog)

HP Switch(config)# ip source-interface syslog vlan 10

HP Switch(config)# show ip source-interface syslog

  Source-IP Configuration Information

   Protocol | Admin Selection Policy  IP Interface   IP Address
   -------- + ----------------------- -------------- --------------
   Syslog   | Configured IP Interface vlan 10        10.10.10.10

Displaying the source IP interface information

There are several show commands that can be used to display information about the source IP interface status.

Syntax

show ip source-interface status [ radius | sflow | sntp | tacacs | telnet | tftp | syslog ]

Displays the operational status information for the source IP address selection policy. Both the administratively-assigned source IP selection policy and the operational source IP selection policy are displayed.

When no parameters are specified, policy information for all protocols is displayed.

The data displayed for source IP interface status

HP Switch(config)# show ip source-interface status

 Source-IP Status Information

  Protocol | Admin Selection Policy  Oper Selection Policy
  -------- + ----------------------- ----------------------
  Tacacs   | Configured IP Interface Configured IP Interface
  Radius   | Configured IP Address   Configured IP Address
  Syslog   | Configured IP Interface Outgoing Interface
  Telnet   | Outgoing Interface      Outgoing Interface
  Tftp     | Outgoing Interface      Outgoing Interface
  Sntp     | Outgoing Interface      Outgoing Interface
  Sflow    | Configured IP Address   Configured IP Address

When executing the show ip source-interface status command without parameters, the configured IP interfaces (VLANs) and IP addresses are displayed for each protocol.

The show ip source-interface command Output

HP Switch(config)# show ip source-interface

 Source-IP Configuration Information

  Protocol | Admin Selection Policy  IP Interface  IP Address
  -------- + ----------------------- ------------- ---------------
  Tacacs   | Configured IP Interface vlan 22
  Radius   | Configured IP Address                 10.10.10.2
  Syslog   | Configured IP Interface vlan 10
  Telnet   | Outgoing Interface
  Tftp     | Outgoing Interface
  Sntp     | Outgoing Interface
  Sflow    | Outgoing Interface

The show ip source-interface detail command displays detailed information about the configured policies, source IP address, and interface state for each protocol.

Syntax

show ip source-interface detail [radius|sflow|sntp|tacacs|telnet|tftp|syslog]

Displays detailed operational status information for the source IP address selection policy. Information about the configured policies, source IP address and interface state are displayed.

When no parameters are specified, policy information for all protocols is displayed.

Detailed information displayed for each protocol

HP Switch(config)# show ip source-interface detail

  Source-IP Detailed Information

   Protocol : Tacacs
   Admin Policy           : Configured IP Interface
   Oper Policy            : Configured IP Interface
   Source IP Interface    : vlan 22
   Source IP Address      : 10.10.10.4
   Source Interface State : Up

   Protocol : Radius
   Admin Policy           : Configured IP Address
   Oper Policy            : Configured IP Address
   Source IP Interface    : vlan 3
   Source IP Address      : 10.10.10.2
   Source Interface State : Up

   Protocol : Syslog
   Admin Policy           : Configured IP Interface
   Oper Policy            : Configured IP Interface
   Source IP Interface    : vlan 10
   Source IP Address      : 10.10.10.10
   Source Interface State : Up

   Protocol : Telnet
   Admin Policy           : Configured IP Interface
   Oper Policy            : Configured IP Interface
   Source IP Interface    : loopback 1
   Source IP Address      : 10.10.10.11
   Source Interface State : Up

   Protocol : Tftp
   Admin Policy           : Outgoing Interface
   Oper Policy            : Outgoing Interface
   Source IP Interface    : N/A
   Source IP Address      : N/A
   Source Interface State : N/A

   Protocol : Sntp
   Admin Policy           : Outgoing Interface
   Oper Policy            : Outgoing Interface
   Source IP Interface    : N/A
   Source IP Address      : N/A
   Source Interface State : N/A

   Protocol : Sflow
   Admin Policy           : Outgoing Interface
   Oper Policy            : Outgoing Interface
   Source IP Interface    : N/A
   Source IP Address      : N/A
   Source Interface State : N/A
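
The fallback to Outgoing Interface described earlier produces only a warning, so a switch can start presenting a different source address to the RADIUS, TACACS or syslog server without any configuration change. The following script is an added example, not part of the original documentation: it parses text in the layout of show ip source-interface detail and reports each protocol whose operational policy differs from the assigned one. The sample text is constructed, and the names parse_detail and find_fallbacks are hypothetical.

```python
import re

# Constructed sample in the layout of `show ip source-interface detail`.
SAMPLE = """\
 Source-IP Detailed Information

  Protocol : Tacacs
  Admin Policy           : Configured IP Interface
  Oper Policy            : Outgoing Interface
  Source IP Interface    : Vlan 22
  Source IP Address      : 10.10.10.4
  Source Interface State : Down

  Protocol : Radius
  Admin Policy           : Configured IP Address
  Oper Policy            : Configured IP Address
  Source IP Interface    : vlan 3
  Source IP Address      : 10.10.10.2
  Source Interface State : Up
"""

# "Field name : value" lines; banners and prompts have no such shape.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")

def parse_detail(text):
    """Return one dict per 'Protocol :' block found in the output."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, prompt or blank line
        key, value = m.groups()
        if key == "Protocol":
            records.append({"Protocol": value})
        elif records:
            records[-1][key] = value
    return records

def find_fallbacks(text):
    """List protocols whose operational policy is not the assigned policy."""
    findings = []
    for rec in parse_detail(text):
        admin, oper = rec.get("Admin Policy"), rec.get("Oper Policy")
        if admin and oper and admin.lower() != oper.lower():
            state = rec.get("Source Interface State", "unknown")
            findings.append((rec["Protocol"], admin, oper, state))
    return findings

if __name__ == "__main__":
    for proto, admin, oper, state in find_fallbacks(SAMPLE):
        print(f"{proto}: assigned '{admin}', operating as '{oper}' (interface {state})")
```
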

The show command can also be used with the application to display the source IP address selection information in effect for the application protocol.

The show radius command displaying source IP selection information

HP Switch(config)# show radius

Status and Counters - General RADIUS Information

  Deadtime(min) : 0
  Timeout(secs) : 5
  Retransmit Attempts : 3
  Global Encryption Key :
  Dynamic Authorization UDP Port : 3799
  Source IP Selection : Configured IP address

The show tacacs command displaying source IP selection information

HP Switch(config)# show tacacs

 Status and Counters - TACACS Information

   Timeout : 5
   Source IP Selection : Configured IP Interface
   Encryption Key :

The show debug command displaying source IP selection information for Syslog

HP Switch(config)# show debug

Debug Logging

  Source IP Selection: Configured IP interface
  Destination:   None

  Enabled debug types:
   None are enabled.

The show telnet command displaying source IP selection

HP Switch(config)# show telnet

  Telnet Activity

  Source IP Selection: 10.10.10.11

  -------------------------------------------------------
  Session  : **  1
  Privilege: Manager
  From     : Console
  To       :

The show sntp command displaying source IP selection

HP Switch(config)# show sntp

SNTP Configuration

SNTP Authentication : Disabled
Time Sync Mode: Timep
SNTP Mode : disabled
Poll Interval (sec) [720] : 720
Source IP Selection: Outgoing Interface

The sflow agent information

HP Switch(config)# show sflow agent
  Version             : 1.3;HP;K.15.14.0000x
  Agent Address       : 10.1.1.1
  Source IP Selection : Configured IP Interface

Error messages

The following error messages may appear when configuring source IP selection if the interface does not exist, is not configured for IP, or is down.

Each error message is listed below, followed by its description.

  • Warning: Specified IP address is not configured on any interface

    The IP address specified has not been assigned to any interface on the switch.

  • Warning: Specified IP interface is not configured

    The IP interface has not been configured.

  • Warning: Specified IP interface is not configured for IP

    An IP address has not been assigned to this interface.

  • Warning: Specified IP interface is down

    The interface on the switch associated with this IP address is down.

  • Warning: Specified IP interface is configured for DHCP

    The IP address has not been configured specifically (manually) for this interface and may change.