04-03-2009 10:07 AM - edited 07-03-2021 05:24 PM
I currently have my controller configured in my Cisco Secure ACS (ver 3.3) as a Radius NAS.
This is for the wireless clients to authenticate using PEAP.
Now I would like to set up my controller to use TACACS+ for management. I see where to configure it on the controller, which looks straightforward.
However, I am not sure what to do on the ACS. If a controller is already configured for Radius how can I configure it to also support TACACS+? I don't see an option to have it support both. I can't add the same controller in twice either.
Any suggestions/recommendations are appreciated.
I'm wondering if my only option is to set up management using Radius too.
04-06-2009 09:51 AM
Try entering your controller again with a different name:
ControllerName-TACACS
Use the same IP, device group & shared secret then select TACACS+ (Cisco) instead of Radius for authentication.
You end up with two entries for each device that requires both, one for TACACS & one for Radius.
04-07-2009 11:42 AM
Thank you. That worked. I created one group called controllers-tacacs and listed each of my controllers and selected TACACS+ for authentication type.
However, I still can't get the controller to use TACACS+ for management. I added in the ACS information using port 49 under the security->tacacs->authentication menu option. It does not have the option to pick network user or management like the radius authentication menu does. So I just enter in all the valid data: shared secret, port, enabled, etc. I used the same shared secret as the controller-tacacs group I created on the ACS.
However, the controller does not use tacacs+ for management logins. I still have to use the local mgmt users account.
Anyone have any ideas?
04-08-2009 09:15 AM
Sounds like what my WiSMs did when I first set them up for TACACS.
Have you tried restarting the ACS service? Network Configuration > Service Control > Restart