Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS v3.1 working as RADIUS and TACACS+

I have an ACS with two aaa-servers: one RADIUS and one TACACS+. I have defined two groups of users, one for RADIUS and another for TACACS+. The problem I have is that I can use "radius" users in TACACS+ and "tacacs" users in RADIUS, and I don't know how to separate them. What I want is to use the group radius when the aaa-client is RADIUS and the group tacacs when the aaa-client is TACACS+.

Regards.

1 REPLY
Cisco Employee

Re: ACS v3.1 working as RADIUS and TACACS+

Once the users entered in the database of ACS, no way to seperate them based on RADIUS or TACACS protocol.

However you can have one user always authenticted using RADIUS and not using TACACS using "NAS Filtering" or NAR . NAS filtering can be used to limit authentication of a user on a per-NAS basis. So with that the user will be authenticated from RADIUS speaking NAS only and not via TACACS speaking NAS. (if its configured that way).

In other words you can dedicte certain users to be authenticated by certain NAS only.

Here is the way to do that

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/u.htm#94180

177
Views
0
Helpful
1
Replies
CreatePlease to create content