aaa authentication on AP's

Unanswered Question
Jul 5th, 2007
User Badges:


we are using Cisco ACS on our Cisco Aironet 1200 series AP's for Mac-Authentication, using Cisco Aironet on the definitions.

But since we would like to have all our switches logins via TACACS+ we have done the following config:

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 170.x.x.164 key [encryption key]

tacacs-server host 170.x.x.166 key [encryption key]

tacacs-server timeout 10

radius-server source-ports 1645-1646

but now the to do the Mac Authentication on our Aironet IOS AP's, we can't add a second device with same name.

is there anyone we solved it?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Thu, 07/05/2007 - 14:41
User Badges:
  • Red, 2250 points or more


You can add same device but host name has to be different.

Let says you have one aaa client name AP using tacacs. Now if you want to use it agin for radius, then name should be like AP1 with protocol Radius.



rochopra Thu, 07/05/2007 - 14:42
User Badges:
  • Cisco Employee,


Give clients different names like :

AP-TACACS - for tacacs authentication

AP-RADIUS - for radius authentication

you can choose any naming convention,(ACS will not allow 2 NAS entries with same names) this way you can add same ip address with different name and different Authentication option(radius or tacacs).

hope this helps




This Discussion