Community Member

Proxying TACACS

I have a centralised ACS server running TACACS.

I want to set up a proxy server in a customer network, so their routers request TACACS authentication from this server.

However, I don't want any username/group details on this server, I want it to forward the request to our central ACS.

Do I need a full ACS application to do this on the customer server, or is there a cheap/free TACACS server that will just act as a proxy?

I've dug through the configs for the free Cisco TAC+ daemon, but it doesn't appear to do this...

Thanks in advance



Re: Proxying TACACS

Hi Neil,

Yes, we need to use a full TACACS server to achieve it. Had this been RADIUS, we would have used some free RADIUS, but with TACACS there is no option for cheap/free TACACS.



Do rate helpful posts

Community Member

Re: Proxying TACACS

Hi JG,

I'm looking at doing this with RADIUS and was wondering if you have any links or docs on how this is done, e.g. FreeRADIUS at the external site and then ACS in our internal network doing the authentication process.

Thanks for any help.



Re: Proxying TACACS


I beg to differ with JG. I think it can be done. Here is what I would do:

1- configure a Freeware TACACS at the customer site. This should run on a Linux platform.

2- set up the Linux box to do "port-forwarding" on tcp port 49 to your ACS Server,

3- set up your ACS server to accept connections from the customer's network devices.

In this scenario, the Linux Freeware tacacs server will serve like a "pass-through" or "proxy" the connection to your ACS server.

That being said, I've never tried it on ACS Server but I've tried it on Linux Freeware tacacs server where both my "pass-through" tacacs server and central tacacs server are running Freeware tacacs+ server.
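
A user-space form of the TCP port 49 pass-through described in the post above, added here as an example; it is not code from the thread, from Cisco or from the freeware tac_plus daemon. The `ACS_HOST` address is a placeholder assumption. The relay copies bytes unchanged and logs the 12-byte cleartext TACACS+ header (layout per RFC 8907), warning when a packet has the unencrypted-body flag set.

```python
import asyncio
import struct

ACS_HOST = "192.0.2.10"   # assumption: placeholder address of the central ACS
TACACS_PORT = 49
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
UNENCRYPTED_FLAG = 0x01   # TAC_PLUS_UNENCRYPTED_FLAG in RFC 8907

def parse_header(data):
    """Decode the 12-byte cleartext TACACS+ header; return None if it is not one."""
    if len(data) < 12:
        return None
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", data[:12])
    if version >> 4 != 0xC or ptype not in TYPES:   # major version must be 0xC
        return None
    return {"type": TYPES[ptype], "seq_no": seq_no, "session_id": session_id,
            "body_length": length, "cleartext_body": bool(flags & UNENCRYPTED_FLAG)}

async def pump(reader, writer, label):
    """Copy bytes one way unchanged; log the header when a read starts with one."""
    try:
        while data := await reader.read(65536):
            hdr = parse_header(data)
            if hdr:
                print(label, hdr)
                if hdr["cleartext_body"]:
                    print(label, "WARNING: packet body is not obfuscated")
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()   # closing one side ends the opposite pump as well

async def handle(client_reader, client_writer):
    peer = client_writer.get_extra_info("peername")[0]
    acs_reader, acs_writer = await asyncio.open_connection(ACS_HOST, TACACS_PORT)
    await asyncio.gather(pump(client_reader, acs_writer, f"{peer} -> ACS"),
                         pump(acs_reader, client_writer, f"ACS -> {peer}"),
                         return_exceptions=True)

async def main():
    # Binding to port 49 needs root or CAP_NET_BIND_SERVICE on Linux.
    server = await asyncio.start_server(handle, "0.0.0.0", TACACS_PORT)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because the relay opens its own TCP connection, the ACS sees the relay's address as the source of every request. The relay never needs the TACACS+ shared key, since the packet body passes through untouched.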


Re: Proxying TACACS


Here is one I found for IAS. Concept remains the same for all radius.



Do rate helpful posts
