Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA question

I would like to use 2 different Tacacs Servers with 2 different keys on an AS5300. I can see that I can add as many Tacacs-servers as I want to a config but I seem to only be able to add in 1 key. Both Tacacs Servers are owned by 2 different 3rd party companies. Is it possible or can you only add 1 key to the router config?

Regards

Mary

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: AAA question

Depend on version of IOS you use. With IOS

12.3 and higher, you can use different tacacs

keys as seen below on the 3640:

C3640#sh run | i tacacs-server

tacacs-server host 192.168.15.208 key 123456

tacacs-server host 192.168.3.10 key 12345678

tacacs-server directed-request

C3640#

4 REPLIES
Silver

Re: AAA question

Depend on version of IOS you use. With IOS

12.3 and higher, you can use different tacacs

keys as seen below on the 3640:

C3640#sh run | i tacacs-server

tacacs-server host 192.168.15.208 key 123456

tacacs-server host 192.168.3.10 key 12345678

tacacs-server directed-request

C3640#

New Member

Re: AAA question

Hiya

Yes this does indeed work but I only want certain subnets to use tacacs server 1 and other subnets to use tacacs server 2 - I can't see a way of splitting this down on the IOS.

Regards

Mary

Re: AAA question

I think you could create two different AAA groups. Each will query both TACACS servers, obviously failing on one but it should successful on the other and visa-versa. Actually one group should work, but you might want to split them up for clarification.

Silver

Re: AAA question

Is this something you've tried and it works

for you?

You can create multiple AAA groups on the

routers for multiple AAA groups but you can

only use them for AAA accounting purposes.

You can not use them for AAA authentication

purposes.

132
Views
0
Helpful
4
Replies