07-05-2007 02:33 PM - edited 03-10-2019 03:15 PM
Hi,
we are using Cisco ACS on our Cisco Aironet 1200 series AP's for Mac-Authentication, using Cisco Aironet on the definitions.
But since we would like to have all our switches logins via TACACS+ we have done the following config:
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 170.x.x.164 key [encryption key]
tacacs-server host 170.x.x.166 key [encryption key]
tacacs-server timeout 10
radius-server source-ports 1645-1646
but now the to do the Mac Authentication on our Aironet IOS AP's, we can't add a second device with same name.
is there anyone we solved it?
Jorge
07-05-2007 02:41 PM
Jorge,
You can add same device but host name has to be different.
Let says you have one aaa client name AP using tacacs. Now if you want to use it agin for radius, then name should be like AP1 with protocol Radius.
Regards,
~JG
07-05-2007 02:42 PM
Hi
Give clients different names like :
AP-TACACS - for tacacs authentication
AP-RADIUS - for radius authentication
you can choose any naming convention,(ACS will not allow 2 NAS entries with same names) this way you can add same ip address with different name and different Authentication option(radius or tacacs).
hope this helps
Regards
Rohit
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: