Symptom
when we try to use tacacs to login to the router. using Username@10.102.x.x ISE2 . The Source interface will always be the one specified in the group first.
aaa authentication login default group ise1 group ISE2 .
Conditions
Tacacs Configuration:
aaa authentication login default local group ise1 group ise2
aaa group server tacacs+ ise1
server name ise11
ip vrf forwarding Mgmt-intf
ip tacacs source-interface GigabitEthernet0
aaa group server tacacs+ ise2
server name ise22
ip tacacs source-interface GigabitEthernet0/0/0
tacacs-server directed-request
tacacs server ise11
address ipv4 10.101.x.x
key 1234
tacacs server ise22
address ipv4 10.102.x.x
key 1234
Now login using username@10.102.x.x >> the source interface will be GigabitEthernet0 instead of GigabitEthernet0/0/0.
