Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

RADIUS and TACACS+ Authentication

We are authenticating our systems through dot1x. I also need to be able to authenticate our Cisco admins using the same ACS server. I see how to configure a switch to do both TACACS+ and RADIUS, but I don't see how to setup ACS to allow a switch to use both TACACS+ and RADIUS.

Can someone give me a pointer?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: RADIUS and TACACS+ Authentication

You need to set up both authentication on switch.

aaa authentication login default group tacacs local

aaa authentication dot1x default group radius

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization network default group radius

radius-server host 2.2.2.2 key cisco

tacacs-server host 2.2.2.2 key cisco

On ACS you need to add switch twice.

ACS--->network configuration--->add aaa-clinet

Host name switch1

IP : 3.3.3.3

Authen using : Radius IETF

Add another switch

Host name switch2

IP : 3.3.3.3

Authen using : Tacacs+

Regards,

~JG

Do rate helpful posts

2 REPLIES

Re: RADIUS and TACACS+ Authentication

You need to set up both authentication on switch.

aaa authentication login default group tacacs local

aaa authentication dot1x default group radius

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization network default group radius

radius-server host 2.2.2.2 key cisco

tacacs-server host 2.2.2.2 key cisco

On ACS you need to add switch twice.

ACS--->network configuration--->add aaa-clinet

Host name switch1

IP : 3.3.3.3

Authen using : Radius IETF

Add another switch

Host name switch2

IP : 3.3.3.3

Authen using : Tacacs+

Regards,

~JG

Do rate helpful posts

Community Member

Re: RADIUS and TACACS+ Authentication

Thanks. I started to try that, but I didn't think that it would let me use two different names. That works great.

Thanks,

Wes

227
Views
0
Helpful
2
Replies
CreatePlease to create content