Configuring a single source IP address for software applications

Specifying the source IP address

Only one source IP address can be specified for each software application.

Do one of the following:

  • Use the following command to specify the source IP address for the specified software application.

    ip source-interface
    < radius | sflow | sntp | syslog | tacacs | telnet | tftp >
    < loopback <id> | vlan <vlan-id> | address <ip-address> >

  • Use the following command to specify the source IP address for all software applications.

    ip source-interface all
    < loopback <id> | vlan <vlan-id> | address <ip-address> >

In both commands, the source is selected with one of the following options:

  • loopback <id> : Specifies that the IP address of the loopback interface is used as the source IP address in outgoing packets. If the loopback interface has no IP address, then the application reverts to the default behavior. If more than one IP address is configured, then the lowest IP address is used.

  • vlan <vlan-id> : Specifies that the IP address of the indicated VLAN interface is used as the source IP address of outgoing packets. If the specified VLAN interface has no IP address configured, or is down, then the application reverts to the default behavior. If more than one IP address is configured, then the lowest IP address is used.

  • address <ip-address> : Specifies the IP address that should be used as the source IP address of outgoing packets. The IP address must be a valid IP address configured on one of the switch’s VLAN or loopback interfaces. If the interface is down, then the application reverts to the default behavior.

Canceling the source IP address assignment

When the source IP address assignment for a software application is canceled, the application reverts to its default behavior and the system determines the source IP address of outgoing application-specific IP packets at packet transmission time.

Do one of the following:

  • Use the following command to cancel the source IP address assignment for the specified software application.

    no ip source-interface
    < radius | sflow | sntp | syslog | tacacs | telnet | tftp >

  • Use the following command to cancel the source IP address assignment for all software applications.

    no ip source-interface all

Viewing source IP address configurations

Do one of the following:

  • Use the following command to view the source IP address configuration for the specified protocol.

    show ip source-interface
    [ radius | sflow | sntp | tacacs | telnet | tftp | syslog ]

  • Use the following command to view the source IP address configuration for all protocols.

    show ip source-interface

Examples

A specific IP address assigned for the RADIUS application protocol

switch(config)# ip source-interface radius address 10.10.10.2

switch(config)# show ip source-interface radius

  Source-IP Configuration Information

  Protocol | Admin Selection Policy  IP Interface   IP Address
  -------- + ----------------------- -------------- --------------
  Radius   | Configured IP Address   vlan 3         10.10.10.2 

A VLAN interface assigned as the source IP address for the TACACS application protocol

switch(config)# ip source-interface tacacs vlan 22

switch(config)# show ip source-interface tacacs

  Source-IP Configuration Information

   Protocol | Admin Selection Policy  IP Interface   IP Address
   -------- + ----------------------- -------------- --------------
   Tacacs   | Configured IP Interface vlan 22        10.10.10.4 

Source IP address configurations for all application protocols

switch(config)# show ip source-interface

 Source-IP Configuration Information

  Protocol | Admin Selection Policy  IP Interface  IP Address
  -------- + ----------------------- ------------- ---------------
  Tacacs   | Configured IP Interface vlan 22
  Radius   | Configured IP Address                 10.10.10.2
  Syslog   | Configured IP Interface vlan 10
  Telnet   | Outgoing Interface
  Tftp     | Outgoing Interface
  Sntp     | Outgoing Interface
  Sflow    | Outgoing Interface

Viewing source IP selection policy status

Do one of the following:

  • Use the following command to view the source IP selection policy status for the specified protocol.

    show ip source-interface status
    [ radius | sflow | sntp | tacacs | telnet | tftp | syslog ]

  • Use the following command to view the source IP selection policy status for all protocols.

    show ip source-interface status

Source IP selection policy status for all application protocols

switch(config)# show ip source-interface status

 Source-IP Status Information

  Protocol | Admin Selection Policy  Oper Selection Policy
  -------- + ----------------------- ----------------------
  Tacacs   | Configured IP Interface Configured IP Interface
  Radius   | Configured IP Address   Configured IP Address
  Syslog   | Configured IP Interface Outgoing Interface
  Telnet   | Outgoing Interface      Outgoing Interface
  Tftp     | Outgoing Interface      Outgoing Interface
  Sntp     | Outgoing Interface      Outgoing Interface
  Sflow    | Configured IP Address   Configured IP Address

More information

The source IP selection policy

Viewing full source IP details

The full source IP details for an application protocol include the source IP selection policy status, the source IP address configuration, and the state of the source IP interface.

Do one of the following:

  • Use the following command to view the full source IP details for the specified protocol.

    show ip source-interface detail
    [ radius | sflow | sntp | tacacs | telnet | tftp | syslog ]

  • Use the following command to view the full source IP details for all protocols.

    show ip source-interface detail

Examples

Detailed information displayed for the Tacacs application protocol

switch(config)# show ip source-interface detail tacacs

 Source-IP Detailed Information

  Protocol : Tacacs
  Admin Policy           : Configured IP Interface
  Oper Policy            : Outgoing Interface
  Source IP Interface    : Vlan 22
  Source IP Address      : 10.10.10.4
  Source Interface State : Down

Detailed information displayed for each application protocol

switch(config)# show ip source-interface detail

  Source-IP Detailed Information

   Protocol : Tacacs
   Admin Policy           : Configured IP Interface
   Oper Policy            : Configured IP Interface
   Source IP Interface    : vlan 22
   Source IP Address      : 10.10.10.4
   Source Interface State : Up

   Protocol : Radius
   Admin Policy           : Configured IP Address
   Oper Policy            : Configured IP Address
   Source IP Interface    : vlan 3
   Source IP Address      : 10.10.10.2
   Source Interface State : Up

   Protocol : Syslog
   Admin Policy           : Configured IP Interface
   Oper Policy            : Configured IP Interface
   Source IP Interface    : vlan 10
   Source IP Address      : 10.10.10.10
   Source Interface State : Up

   Protocol : Telnet
   Admin Policy           : Configured IP Interface
   Oper Policy            : Configured IP Interface
   Source IP Interface    : loopback 1
   Source IP Address      : 10.10.10.11
   Source Interface State : Up

   Protocol : Tftp
   Admin Policy           : Outgoing Interface
   Oper Policy            : Outgoing Interface
   Source IP Interface    : N/A
   Source IP Address      : N/A
   Source Interface State : N/A

   Protocol : Sntp
   Admin Policy           : Outgoing Interface
   Oper Policy            : Outgoing Interface
   Source IP Interface    : N/A
   Source IP Address      : N/A
   Source Interface State : N/A

   Protocol : Sflow
   Admin Policy           : Outgoing Interface
   Oper Policy            : Outgoing Interface
   Source IP Interface    : N/A
   Source IP Address      : N/A
   Source Interface State : N/A

Viewing protocol configuration and status information

Use the following command to view configuration and status information for the specified application protocol. The displayed information includes the operational source IP selection policy.

show [ radius | sflow | sntp | tacacs | telnet | tftp | syslog ]

Examples

Details for the Radius application protocol

switch(config)# show radius

Status and Counters - General RADIUS Information

  Deadtime(min) : 0
  Timeout(secs) : 5
  Retransmit Attempts : 3
  Global Encryption Key :
  Dynamic Authorization UDP Port : 3799
  Source IP Selection : Configured IP address

Details for the Telnet application protocol

switch(config)# show telnet

  Telnet Activity

  Source IP Selection: 10.10.10.11

  -------------------------------------------------------
  Session  : **  1
  Privilege: Manager
  From     : Console
  To       : 

Details for the SNTP application protocol

switch(config)# show sntp

SNTP Configuration

SNTP Authentication : Disabled
Time Sync Mode: Timep
SNTP Mode : disabled
Poll Interval (sec) [720] : 720
Source IP Selection: Outgoing Interface

Configuration error messages

The following error messages may appear when configuring source IP selection if the interface does not exist, is not configured for IP, or is down.

  • Error message: Warning: Specified IP address is not configured on any interface
    Description: The IP address specified has not been assigned to any interface on the switch.

  • Error message: Warning: Specified IP interface is not configured
    Description: The IP interface has not been configured.

  • Error message: Warning: Specified IP interface is not configured for IP
    Description: An IP address has not been assigned to this interface.

  • Error message: Warning: Specified IP interface is down
    Description: The interface on the switch associated with this IP address is down.

  • Error message: Warning: Specified IP interface is configured for DHCP
    Description: The IP address has not been configured specifically (manually) for this interface and may change.

Overview of single source IP addresses for software applications

A single source IP address can be configured for the following software applications:

  • RADIUS

  • sFlow

  • SNTP

  • System Logging applications

  • TACACS

  • Telnet

  • TFTP

The above IP-based software applications use a client-server communication model in which the client’s source IP address is used for unique client identification. The source IP address is determined by the system and is usually the IP address of the outgoing interface in the routing table. However, routing switches may have multiple routing interfaces due to load balancing or routing redundancy, and outgoing packets can potentially be sent by different paths at different times. This results in different source IP addresses, which creates a client identification problem on the server side. For example, when no fixed IP address can be designated for outgoing RADIUS or TACACS packets, all possible IP addresses that are configured on the switch must be configured in the RADIUS or TACACS database as valid clients. When using system logging, it can be difficult to interpret the logging and accounting data on the server side because the same client can be logged with different IP addresses.

To decrease the amount of administrative work involved, a configuration model is provided that allows the selection of an IP address to use as the source address for all outgoing traffic generated by a specified software application on the switch. This allows unique identification of the software application on the server side regardless of which local interface has been used to reach the destination server.

The source IP selection policy

The source IP address selection for the application protocols is defined through assignment of one of the following policies:

  • Outgoing Interface—the IP address of the outgoing IP interface is used as the source IP address. This is the default policy and the default behavior of applications.

  • Configured IP Address—a specific IP address is used as the source IP address. This address must be configured on one of the switch’s IP interfaces, either a VLAN interface or a Loopback interface.

  • Configured IP Interface—the IP address from the specific IP interface (VLAN or Loopback) is used as the source IP address. If there are multiple IP addresses assigned (multinetting, for example), the lowest IP address is used.

If the selection policy cannot be executed because the interface does not have an IP address configured, does not exist, or is down, the application protocol uses the default Outgoing Interface policy. A warning message is displayed, but the configuration changes are accepted. When using the show ip source-interface status command to display information about the source IP address selection policy, the administratively-assigned source IP selection policy and the actual (operational) source IP selection policy in effect are displayed.

The operational source IP selection policy may be different from the assigned source selection policy if the IP interface does not exist or is down. In this case, the default of Outgoing Interface appears as the operational policy, as shown in the following example.

The administratively-assigned source IP selection policy differing from the operational policy

switch(config)# show ip source-interface detail tacacs

 Source-IP Detailed Information

  Protocol : Tacacs
  Admin Policy           : Configured IP Interface
  Oper Policy            : Outgoing Interface
  Source IP Interface    : Vlan 22
  Source IP Address      : 10.10.10.4
  Source Interface State : Down

Below is an example of assigning a specific source IP address for a RADIUS application. The administrative policy is Configured IP Address.

A specific IP address assigned for the RADIUS application protocol

switch(config)# ip source-interface radius address 10.10.10.2

switch(config)# show ip source-interface radius

  Source-IP Configuration Information

  Protocol | Admin Selection Policy  IP Interface   IP Address
  -------- + ----------------------- -------------- --------------
  Radius   | Configured IP Address   vlan 3         10.10.10.2 

In the example below, a VLAN interface (VLAN 22) is specified as the source IP address for TACACS. The administrative policy is Configured IP Interface.

Using a VLAN interface as the source IP address for TACACS

switch(config)# ip source-interface tacacs vlan 22

switch(config)# show ip source-interface tacacs

  Source-IP Configuration Information

   Protocol | Admin Selection Policy  IP Interface   IP Address
   -------- + ----------------------- -------------- --------------
   Tacacs   | Configured IP Interface vlan 22        10.10.10.4 

The next example shows a VLAN interface being specified as the source IP address for logging. The administrative policy is Configured IP Interface.

Using a VLAN interface as the source IP address for logging (Syslog)

switch(config)# ip source-interface syslog vlan 10

switch(config)# show ip source-interface syslog

  Source-IP Configuration Information

   Protocol | Admin Selection Policy  IP Interface   IP Address
   -------- + ----------------------- -------------- --------------
   Syslog   | Configured IP Interface vlan 10        10.10.10.10