How have multiple NDGs for same tacacs+ server

laurabriscoe · ‎03-18-2009

I have Secure ACS 4.2 installed. I am using it for vpn access with Radius and tacacs+ access for network device mgmt. I want to setup multiple NDGs but have them all use the same ACS tacacs+ server. How do I do that? Each time I add a new NDG and try to add a AAA server with the same IP and tacacs+ it tells me it overlaps with a current one configured.

Jagdeep Gambhir · ‎03-18-2009

You cannot add same device again with same authentication method.

BUT

You can add same device with different authentication method. see the example below

1

Name--->device

IP ----> 1.1.1.1

secret---->xxxxx

Authenticate using --->Radius IETF

2

Name--->device1

IP ----->1.1.1.1

secret ----->x.x.x.x

Authenticate using---->tacacs IOS

Also same device cannot be a part of more then on NDG.

Regards,

~JG

Do rate helpful posts

laurabriscoe · ‎03-18-2009

Thank you for the response. I do not want the same device to be managed in two different groups. I want to be able to split my routers/switches into different NDGs based on geographic location and be able to give different rights. I can easily create different NDGs but when I try to go to the screen where you apply the AAA server to it I cannot get it to do so if I am already using the same AAA (ACS server) for another NDG group. It removes the server from the previous group and adds it to this new group.

Jagdeep Gambhir · ‎03-18-2009

Laura,

No need to add aaa-server in each group. It does not matter to which group acs sever is added , it is going to take care of all NDG and aaa-clients.

Regads,

~JG

Do rate helpful posts