I need to enable AAA authentication on a Cisco ACE 4710 and am unable to do that. Please help me with this.
Here is the config I have done on the ACE.
tacacs-server key 7 "[email protected]"
tacacs-server host 172.18.124.20 key 7 "[email protected]"
tacacs-server host 172.18.124.21 key 7 "[email protected]"
aaa group server tacacs+ TACACS+_Server_Group1
aaa authentication login default group TACACS+_Server_Group1 local
aaa authentication login error-enable
I added the entry for the ACE in ACS, but it's still not authenticating.
You have to use a custom AV pair on the TACACS server under user setup to make it work. ACE uses RBAC (Role Based Access Control), and for that you have to pass the context and user role from the TACACS server to the ACE to make it work. If no RBAC info is pushed from the TACACS server and the user just gets authenticated, then the default role assigned by ACE is Network-Monitor.
The following steps (on the TACACS server) will make it work:
1. Select your user
2. Go to TACACS+ settings
3. Select the "shell (exec)" checkbox
4. Select the "custom attributes" checkbox
5. Type your context and role information in the custom attributes box, using the following format
For example (if the context name is Admin, the domain is default-domain and you want to assign the role "Admin" to this user)
For more information, please read one of my old posts on this topic.
Hope it helps
Syed Iftekhar Ahmed