Cisco Cisco Packet Data Interworking Function (PDIF)
TACACS+ Configuration Mode Commands
rem_addr client-ip ▀
Command Line Interface Reference, StarOS Release 17 ▄
8863
rem_addr client-ip
Sends a remote client IPv4 address field in the TACACS+ protocol for use by a Cisco Secure ACS server.
Product
All products
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > TACACS+ Configuration
configure > tacacs mode
Entering the above command sequence results in the following prompt:
[local]host_name(config-tacacs)#
Syntax
[ default | no ] rem_addr client-ip
default
Disables the sending of a remote client IP address field to a Cisco Secure ACS server for a TACACS+ login
request.
request.
no
Disables the sending of a remote client IP address field to a Cisco Secure ACS server for a TACACS+ login
request.
request.
Usage
A Cisco Secure ACS server can be configured to explicitly check the NAS source address for TACACS+
connections. StarOS may not properly set the rem_addr field in the TACACS+ protocol packet when
initiating a connection with the Cisco Secure ACS server. This may cause the Cisco Secure ACS server to
reject the TACACS+ login request.
connections. StarOS may not properly set the rem_addr field in the TACACS+ protocol packet when
initiating a connection with the Cisco Secure ACS server. This may cause the Cisco Secure ACS server to
reject the TACACS+ login request.
Important:
The default behavior is to not fill in the rem_addr field.
This CLI command enables the setting and sending of the remote address to the IPv4 address associated with
the local context management interface for customers who require this field to be verified via the Cisco
Secure ACS server.
When enabled the rem_addr field contains the ssh client IP address in ASCII form. If the IP address cannot be
retrieved, the length is set to zero.
the local context management interface for customers who require this field to be verified via the Cisco
Secure ACS server.
When enabled the rem_addr field contains the ssh client IP address in ASCII form. If the IP address cannot be
retrieved, the length is set to zero.
Example
The following command enables the sending of the rem_addr field to a Cisco Secure ACS server for a
TACACS+ login request:
TACACS+ login request:
rem_addr client-ip arg1