Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS2.6

can somebody give me the steps to configure CAS2.6.2 and router 2600 with 16 modems.i wana configure it with tacacs+ and want to work fine with normal dialup and callback user.

3 REPLIES
Cisco Employee

Re: ACS2.6

On the router you will require the below at the least.

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authentication ppp default group tacacs+ local none

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization network default group tacacs+

You may require other additional statements as per you policies.

As for the dialup part for authentication

int group-async 1

ppp authentication chap ===> or pap

peer default ip address pool async ====> or you may choose to have the pool

defined on TACACS server

ip local pool async 10.6.100.101 10.6.100.103

tacacs-server host x.x.x.x

tacacs-server timeout 10

tacacs-server key xyz

On the TACACS server, add this router as the client under the Network Configuration with the proper key ( xyz in this case) and protocol tacacs

Configure the group for login protocol ppp

Please go through the below url for more info on the ACS configuration;

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm

Thanks,

yatin

New Member

Re: ACS2.6

i installed a new acs2.6.4 and changed everything on router as per your instructions.

i installed a new windows2k server with service pack2 and installed acs2.6.4 on it joined to our company domain.i have created two users on the same server 1.dialin 2. callback and put both in seperate group which i mapped to different group in acs with one having only dial access and another can callback.i changed the tacacs+ server and key of router.

when i use both callback/dialin user i cannot login its telling me user/password incorrect.

i use authentication in acs for windows2k and when i changed it to ciscosecure both users are working fine dialin with normal dialup and callback getting callback.

i wana use authentication from windows domain please suggest me your hints.

Cisco Employee

Re: ACS2.6

Hi,

What you need to do is to configure the ACS server to use the external database of Windows NT.

You will find the instructions of configuring the NT SAM database as External User database on the following link

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm#368606

More information on the NT User databases is on below url

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/userdb.htm

Thanks,

yatin

104
Views
0
Helpful
3
Replies