03-18-2009 08:58 AM - edited 03-10-2019 04:23 PM
I have Secure ACS 4.2 installed. I am using it for VPN access with RADIUS and TACACS+ access for network device mgmt. I want to set up multiple NDGs but have them all use the same ACS TACACS+ server. How do I do that? Each time I add a new NDG and try to add an AAA server with the same IP and TACACS+, it tells me it overlaps with a current one configured.
03-18-2009 09:18 AM
You cannot add the same device again with the same authentication method.
BUT
You can add the same device with a different authentication method. See the example below.
1
Name ---> device
IP ---> 1.1.1.1
secret ---> xxxxx
Authenticate using ---> Radius IETF
2
Name ---> device1
IP ---> 1.1.1.1
secret ---> x.x.x.x
Authenticate using ---> tacacs IOS
Also, the same device cannot be a part of more than one NDG.
Regards,
~JG
Do rate helpful posts
03-18-2009 09:24 AM
Thank you for the response. I do not want the same device to be managed in two different groups. I want to be able to split my routers/switches into different NDGs based on geographic location and be able to give different rights. I can easily create different NDGs but when I try to go to the screen where you apply the AAA server to it I cannot get it to do so if I am already using the same AAA (ACS server) for another NDG group. It removes the server from the previous group and adds it to this new group.
03-18-2009 09:33 AM
Laura,
No need to add aaa-server in each group. It does not matter to which group the ACS server is added; it is going to take care of all NDGs and aaa-clients.
Regards,
~JG
Do rate helpful posts