How have multiple NDGs for same tacacs+ server

Unanswered Question
Mar 18th, 2009
User Badges:

I have Secure ACS 4.2 installed. I am using it for vpn access with Radius and tacacs+ access for network device mgmt. I want to setup multiple NDGs but have them all use the same ACS tacacs+ server. How do I do that? Each time I add a new NDG and try to add a AAA server with the same IP and tacacs+ it tells me it overlaps with a current one configured.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Wed, 03/18/2009 - 09:18
User Badges:
  • Red, 2250 points or more


You cannot add same device again with same authentication method.


BUT


You can add same device with different authentication method. see the example below


1

Name--->device

IP ----> 1.1.1.1


secret---->xxxxx


Authenticate using --->Radius IETF



2

Name--->device1

IP ----->1.1.1.1


secret ----->x.x.x.x


Authenticate using---->tacacs IOS


Also same device cannot be a part of more then on NDG.



Regards,

~JG


Do rate helpful posts


laurabriscoe Wed, 03/18/2009 - 09:24
User Badges:

Thank you for the response. I do not want the same device to be managed in two different groups. I want to be able to split my routers/switches into different NDGs based on geographic location and be able to give different rights. I can easily create different NDGs but when I try to go to the screen where you apply the AAA server to it I cannot get it to do so if I am already using the same AAA (ACS server) for another NDG group. It removes the server from the previous group and adds it to this new group.

Jagdeep Gambhir Wed, 03/18/2009 - 09:33
User Badges:
  • Red, 2250 points or more

Laura,

No need to add aaa-server in each group. It does not matter to which group acs sever is added , it is going to take care of all NDG and aaa-clients.




Regads,

~JG



Do rate helpful posts


Actions

This Discussion