IDS with tacacs

Answered Question
Jun 27th, 2007

Are IDS 4215 sensors compatible with TACACS? I did not see anything in the CSM, the user guides, or the IDS itself that would lead me to believe it was, but just wanted to make sure with the group.

Thank you.

Correct Answer
vitripat Wed, 06/27/2007 - 09:27

As of now, IDS/IPS devices don't support external authentication using AAA servers. Hence the only way users can be authenticated is using the local database on the IDS/IPS device.


Hope this helps.


Regards,

Vibhor.

marcabal Wed, 06/27/2007 - 11:38


Just some additional comments that may or may not help in your planning.

Most of the time it is multi-user environments that require TACACS+ support.

Often these same environments are where CSM is being used for management, and MARS is being used for monitoring.

Both CSM and MARS are built for multi-user environments, and I believe that CSM supports TACACS+ for logging in to the CSM client. And I am fairly sure MARS also supports TACACS+.

When CSM and/or MARS accesses the sensor, it will do so through a single account for all transmission of data, regardless of which user requested the change, rather than trying to connect to the sensor using the same account through which the changes were made in CSM and/or MARS.

So at least for day-to-day monitoring and configuration activities you use TACACS when using CSM and MARS for those activities.

Then it is only the periodic troubleshooting requiring direct sensor access that won't fit into your TACACS+ model, and local accounts would need to be used on the sensor.


mhellman Thu, 06/28/2007 - 06:49

I believe TACACS+ is on the roadmap for MARS, but it is currently not supported. Only local authentication is. You don't really use MARS for day-to-day management either, though. All MARS really does today is collect the events.

rhermes Thu, 06/28/2007 - 09:11

The lack of TACACS+ or RADIUS support on the IPS sensors has caused me to fail many a security audit and has made me explain WHY my security devices are less secure than the hosts they protect.

mhellman Thu, 06/28/2007 - 09:34

You may be aware of this already, but you can limit access at the network level and enable password lockouts. Still using local credentials, of course ;-(
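For anyone landing on this thread later, here is what the two mitigations from the reply above (network-level restriction and password lockout) plus the local-account-only model from the accepted answer look like on the sensor CLI. This is an added example and not something posted by the participants; it assumes the IPS 5.x/6.x CLI (the `attemptLimit` setting under `service authentication` first appeared in 6.0, so it will not be there on an older 5.x image), and the hostname `sensor`, the user `jdoe`, and the 10.1.1.0/24 management subnet are placeholders. Lines starting with `!` are annotations, not commands.

```text
! Added example, not from the original thread. Assumes IPS 5.x/6.x CLI;
! "sensor", "jdoe" and 10.1.1.0/24 are made-up placeholders.

sensor# configure terminal

! 1. Network-level restriction: only hosts in the access list may open
!    management connections (SSH/HTTPS) to the command-and-control interface.
!    Include the CSM and MARS addresses here, since they talk to the sensor
!    with their own single service account (see the CSM/MARS reply above).
sensor(config)# service host
sensor(config-hos)# network-settings
sensor(config-hos-net)# access-list 10.1.1.0/24
sensor(config-hos-net)# exit
sensor(config-hos)# exit
Apply Changes:?[yes]: yes

! 2. Local account, which is the only kind the sensor supports. Give it the
!    lowest role that does the job (viewer / operator / administrator);
!    the password is prompted for rather than typed on the command line.
sensor(config)# username jdoe privilege operator
Enter Login Password: ********
Re-enter Login Password: ********

! 3. Lock the account after this many failed logins (0 means never lock).
!    Requires IPS 6.0 or later.
sensor(config)# service authentication
sensor(config-aut)# attemptLimit 3
sensor(config-aut)# exit
Apply Changes:?[yes]: yes
sensor(config)# exit

! Check and recovery: locked accounts show up in the user list, and an
! administrator clears the lock without resetting the password.
sensor# show users all
sensor# unlock user jdoe
```

Two caveats worth keeping in mind: the access list only filters the management interface, so the sensing interfaces are unaffected, and a lockout limit of 3 with a single shared administrator account is an easy self-inflicted denial of service, so keep one per-person administrator account and use the lockout on the others.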
