Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

aaa authentication on AP's

Hi,

we are using Cisco ACS on our Cisco Aironet 1200 series AP's for Mac-Authentication, using Cisco Aironet on the definitions.

But since we would like to have all our switches logins via TACACS+ we have done the following config:

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 170.x.x.164 key [encryption key]

tacacs-server host 170.x.x.166 key [encryption key]

tacacs-server timeout 10

radius-server source-ports 1645-1646

but now the to do the Mac Authentication on our Aironet IOS AP's, we can't add a second device with same name.

is there anyone we solved it?

Jorge

2 REPLIES

Re: aaa authentication on AP's

Jorge,

You can add same device but host name has to be different.

Let says you have one aaa client name AP using tacacs. Now if you want to use it agin for radius, then name should be like AP1 with protocol Radius.

Regards,

~JG

Cisco Employee

Re: aaa authentication on AP's

Hi

Give clients different names like :

AP-TACACS - for tacacs authentication

AP-RADIUS - for radius authentication

you can choose any naming convention,(ACS will not allow 2 NAS entries with same names) this way you can add same ip address with different name and different Authentication option(radius or tacacs).

hope this helps

Regards

Rohit

138
Views
0
Helpful
2
Replies