
Secure ACS 4.1 and different routers

dgerbergss
Level 1

Are the commands different from router to router?

This is what I currently have:

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.6.3

tacacs-server host 172.16.16.3

tacacs-server timeout 60

tacacs-server directed-request

tacacs-server key xxxxxxxxxx

It works on my 2621s like a charm, but on my 2811s it won't allow me to log in as my domain account, just the backup local account I have.

I am a rookie to this so please be gentle. Thanks in advance for any help you can give me...

3 Replies

Jan Rockstedt
Level 1

Hi,

Yes, they are different.

Example:

tacacs-server host 1.5.3.2 key cisco_key

tacacs-server directed-request

radius-server source-ports 1645-1646

Regards, Jan

Just a clarification...

We are using 2811 and 2801 at remote locations and have been trying to use the tacacs-server options as well. Are you saying that we need to configure it as a radius-server even if we are only using the tacacs options?

I just want to make sure prior to delving into radius as we have not used that at all since we are only communicating between routers for multi user authentication.

Thanks,

Jon Gauntt

Jagdeep Gambhir
Level 10

On layer 3 devices we also need to define the TACACS source interface so that it uses only that interface for sending TACACS requests to ACS.

AAA-Switch(config)#ip tacacs source-interface (vlan or loopback or gigabit interface)

In the above command we need to define the interface that is listed in ACS ---> Network Configuration ---> Router.

Let me know if you have any questions.

Regards,

~JG
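
Added example, not part of the original thread or any poster's code: a small Python check that reads a saved running-config and reports whether the interface named by `ip tacacs source-interface` carries the address registered for the router as an AAA client in ACS. The interface addresses in the sample config and the function names are constructed for illustration; the registered client IP is passed in by whoever runs the check.

```python
import re

# Constructed sample running-config; interface addresses are illustrative only.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.255.0.11 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.50.1 255.255.255.0
!
ip tacacs source-interface Loopback0
tacacs-server host 172.16.6.3
tacacs-server host 172.16.16.3
"""

def interface_addresses(config):
    """Map interface name -> primary IPv4 address from 'interface' stanzas."""
    addrs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        if not line.startswith(" "):
            current = None  # any unindented line ends the interface stanza
            continue
        m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) \S+$", line)
        if m and current:
            addrs[current] = m.group(1)  # 'secondary' addresses do not match
    return addrs

def audit_tacacs_source(config, acs_client_ip):
    """Return findings about the address the router uses to reach ACS."""
    findings = []
    if not re.search(r"^tacacs-server host \S+", config, re.M):
        findings.append("no tacacs-server host configured")
    m = re.search(r"^ip tacacs source-interface (\S+)", config, re.M)
    if not m:
        findings.append("no ip tacacs source-interface: source address follows the egress interface")
        return findings
    ip = interface_addresses(config).get(m.group(1))
    if ip is None:
        findings.append(f"source interface {m.group(1)} has no IPv4 address")
    elif ip != acs_client_ip:
        findings.append(f"{m.group(1)} is {ip}, but ACS lists {acs_client_ip}")
    return findings

if __name__ == "__main__":
    print(audit_tacacs_source(SAMPLE_CONFIG, "192.168.50.1"))
```

An empty list means the configured source interface matches the address ACS has on record for the device.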
