Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA / Adding additional ACS server

Hello Guys,

Need to setup AAA proposed plan as attached.We have been using current setup since very long for both our office devices and data centre devices.Now we wanna to add one more ACS apart from the existing two and need to point out all the data centre devices to this new ACS server.

Is it possible to configure multiple groups for multiple devices and seperate ACS server's for defined groups ? If possible please let me know the commands and if not, please let me know the alternate ways.

Hope you could understand my requirements and current setup. PFA..

Many Thanks in advance !!

Best Regards,

Anurag.K

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AAA / Adding additional ACS server

Hi Anurag,

You can add the new ACS/tacacs server and have that server in top of the sequence.

tacacs server host 10.16.2.10

tacacs server host 10.16.2.8

tacacs server host 10.16.2.9

tacacs server key xxxxx

If you really want to create a seperate group for the new ACS/tacacs server then you need to have below listed configuration.

aaa group server tacacs+ GROUP1

server 10.16.2.8

server 10.16.2.9

aaa group server tacacs+ GROUP2

server 10.16.2.10

aaa authentication login default group GROUP1 GROUP2 line

Let me knoiw if you have any doubts.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
3 REPLIES
Cisco Employee

Re: AAA / Adding additional ACS server

Hi Anurag,

You can add the new ACS/tacacs server and have that server in top of the sequence.

tacacs server host 10.16.2.10

tacacs server host 10.16.2.8

tacacs server host 10.16.2.9

tacacs server key xxxxx

If you really want to create a seperate group for the new ACS/tacacs server then you need to have below listed configuration.

aaa group server tacacs+ GROUP1

server 10.16.2.8

server 10.16.2.9

aaa group server tacacs+ GROUP2

server 10.16.2.10

aaa authentication login default group GROUP1 GROUP2 line

Let me knoiw if you have any doubts.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

Re: AAA / Adding additional ACS server

You may also refer the below listed document for more info:

http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srftacs.html#wp1028783

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

AAA / Adding additional ACS server

Thanks for your detailed revert mate!!!

However i have one more concern regarding with accounting.If i authenticate data centre devices with ACS 3 (newly added), from where i can get the accounting details. Would it be in the same server or can i accessible from the other ACS servers (1 & 2) as well ?

If accounting information only accessible from ACS server 3 for data centrre devices, is there any way to access the same from ACS 1 & 2 ? If yes, please share the relevant configurations for the same.

Many Thanks in adavance ..

Best Regards,

Anurag.K

230
Views
19
Helpful
3
Replies