10-17-2006 05:41 PM - edited 03-10-2019 02:48 PM
I have a router which needs to be authenticated by two ACS servers for two different functions. E.g., for ISDN dialing into the router, it gets the authentication from ACS A, while for command authentications, the router needs to talk to ACS B. Can this be done? If yes, how?
Thanks,
sweeann
10-17-2006 08:55 PM
It sure can. You just need separate groups for each. For example:
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key secretkey
radius-server host 2.2.2.2 auth-port 1812 acct-port 1813 key secretkey
aaa group server radius consolegrp
 server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius isdngrp
 server 2.2.2.2 auth-port 1812 acct-port 1813
Then use the following:
aaa authentication login default group consolegrp
aaa authorization exec default group consolegrp
aaa authentication ppp default group isdngrp
You can change that as necessary (e.g. change console to TACACS) but that is the general template for multiple server groups.
-Eric
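An added example, not part of the post above: the same two-group template with the console group switched to TACACS+, so that per-command authorization goes to one ACS while ISDN/PPP authentication stays on RADIUS at the other. The group name cmdgrp, the key placeholders, the privilege level 15 and the local fallback are assumptions made for illustration.

```cisco
! Added example (not from the original thread).
! 1.1.1.1 = ACS used for login and command authorization (TACACS+)
! 2.2.2.2 = ACS used for ISDN/PPP authentication (RADIUS)
aaa new-model
!
! Placeholders: replace <tacacs-key> and <radius-key> with the shared
! secrets configured for this router on each ACS.
tacacs-server host 1.1.1.1 key <tacacs-key>
radius-server host 2.2.2.2 auth-port 1812 acct-port 1813 key <radius-key>
!
! One server group per function; each group holds only its own ACS.
aaa group server tacacs+ cmdgrp
 server 1.1.1.1
!
aaa group server radius isdngrp
 server 2.2.2.2 auth-port 1812 acct-port 1813
!
! Login, exec and command authorization use the TACACS+ group.
! "local" is a fallback used only when the ACS does not respond, so a
! local username must already exist before these lines are applied.
aaa authentication login default group cmdgrp local
aaa authorization exec default group cmdgrp local
aaa authorization commands 15 default group cmdgrp local
aaa accounting commands 15 default start-stop group cmdgrp
!
! ISDN/PPP sessions are authenticated against the RADIUS group only.
aaa authentication ppp default group isdngrp
aaa authorization network default group isdngrp
```

The ports on the `server` line inside the RADIUS group have to match the ports on the corresponding `radius-server host` line, otherwise the group entry does not refer to the defined server.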
10-17-2006 11:15 PM
Eric,
I believe that'll do the job. Thanks for the input.
-sweeann
10-18-2006 02:36 AM
If you take a look at ACS v4.0 NAP (Network Access Profiles) you should be able to consolidate your ACSs down to a single server.
You can create a NAP for each service with its own config.
Maybe worth looking at.