Does every piece of network equipment need to be added into ACS?

Unanswered Question
Jul 13th, 2008

I'm a newbie in Cisco ACS. Do I need to add every piece of network equipment in my network, such as APs and switches (name & IP), into the ACS server in order for authentication to work properly? I have defined the TACACS server IP on my APs and switches.

Farrukh Haroon Mon, 07/14/2008 - 08:09

The better and more 'secure' way is to add each device individually. But the ACS does support wild-cards for adding devices. Like 192.168.1.* or a default key for 'all' devices. (TACACS)



dphills18 Thu, 07/17/2008 - 11:00

If the device is not added to the ACS server, will the device prompt you for a password (via TACACS) at all?

Given that the device is set up to run TACACS and default back to local.

jeremyault Thu, 07/17/2008 - 11:41

Yes, and there may be issues. You will be prompted by the device for a username and password - and it will be passed on to the ACS server.

When the ACS server tries to "look up" that device in its database, it will report "Unknown NAC."

But because the ACS is reachable, you may not fail back to local authentication, but I'm not 100% sure about that.

Farrukh Haroon Fri, 07/18/2008 - 04:31

No, if the TACACS servers are not reachable, the NAS will fall back to the alternate method configured. If the NAS is not added in ACS, it is basically the same. In terms of the NAS, the ACS server is unreachable (because it is ignoring the request from this Unknown NAS).
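An added example, not part of any post in this thread: a small audit that compares a device inventory with the ACS AAA client entries, showing which devices are added individually, which are only covered by a wildcard such as 192.168.1.*, and which are unlisted (the case the replies above say ACS ignores). The entry list, the inventory and the octet-wise reading of `*` are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: AAA client entries (name, IP or wildcard pattern).
ACS_CLIENTS = [
    ("core-sw1", "10.0.0.1"),
    ("branch-aps", "192.168.1.*"),
]

# Constructed device inventory (name, management IP).
INVENTORY = [
    ("core-sw1", "10.0.0.1"),
    ("ap-lobby", "192.168.1.20"),
    ("dist-sw3", "10.0.5.3"),
]


def pattern_matches(pattern, ip):
    """Octet-wise match; '*' matches any value in that octet (assumed semantics)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if malformed
    parts = pattern.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad client pattern: {pattern!r}")
    for part, octet in zip(parts, octets):
        if part == "*":
            continue
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"bad client pattern: {pattern!r}")
        if int(part) != int(octet):
            return False
    return True


def classify(ip, clients):
    """Return (status, entry name); an individual entry wins over a wildcard."""
    wildcard_hit = None
    for name, pattern in clients:
        if pattern_matches(pattern, ip):
            if "*" not in pattern:
                return ("explicit", name)
            wildcard_hit = wildcard_hit or name
    return ("wildcard", wildcard_hit) if wildcard_hit else ("unlisted", None)


def audit(inventory, clients):
    """Map each device name to its coverage status in the client list."""
    return {name: classify(ip, clients) for name, ip in inventory}


if __name__ == "__main__":
    for device, (status, entry) in audit(INVENTORY, ACS_CLIENTS).items():
        print(f"{device:10} {status:9} {entry or '-'}")
```

Devices reported as `wildcard` are candidates for individual entries, and `unlisted` devices will depend entirely on their fallback method.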



