Can a TACACS+ server query a RADIUS server?

Aug 31st, 2010

Hi All.

My work environment currently uses FreeRADIUS for all of our customer and staff AAA requirements.  This currently includes access to all of our Cisco devices.

My boss now wants to set up a TACACS+ server for access to all our Cisco devices, but wants the TACACS+ server to query the RADIUS server and its database in turn.  In other words, he wants the TACACS+ server to act as a kind of proxy and relay the request to RADIUS, and to have RADIUS pass the accept or reject back to the TACACS+, and then back to the Cisco device.

Does anyone know if this is possible?  I'm pretty sure you can do this with 2 RADIUS servers...

tamyotte Fri, 09/03/2010 - 14:16

Good question.  We do not currently have a TACACS+ server, and would have to build one if this is a possibility.

Having said that, I believe my boss is just going to go for local authentication on the few switches where this is a problem.

Javier Henderson Sun, 09/05/2010 - 07:00

I was assuming you were using ACS as your TACACS+ server. It can proxy to a RADIUS server. I don't know about other TACACS+ servers, though.

