aaa authentication on AP's

jorge.s
Level 1

Hi,

We are using Cisco ACS on our Cisco Aironet 1200 series APs for MAC authentication, using Cisco Aironet on the definitions.

But since we would like to have all our switch logins via TACACS+, we have done the following config:

aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 170.x.x.164 key [encryption key]
tacacs-server host 170.x.x.166 key [encryption key]
tacacs-server timeout 10
radius-server source-ports 1645-1646

But now, to do the MAC authentication on our Aironet IOS APs, we can't add a second device with the same name.

Is there anyone who solved it?

Jorge

2 Replies

Jagdeep Gambhir
Level 10

Jorge,

You can add the same device, but the host name has to be different.

Let's say you have one AAA client named AP using TACACS. Now if you want to use it again for RADIUS, then the name should be like AP1 with protocol RADIUS.

Regards,

~JG

rochopra
Cisco Employee

Hi

Give clients different names like:

AP-TACACS - for TACACS authentication

AP-RADIUS - for RADIUS authentication

You can choose any naming convention (ACS will not allow 2 NAS entries with the same name); this way you can add the same IP address with a different name and a different authentication option (RADIUS or TACACS).

Hope this helps.

Regards

Rohit
