
Secure ACS 4.1 and different routers

Are the commands different from router to router?

This is what I currently have:

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.6.3

tacacs-server host 172.16.16.3

tacacs-server timeout 60

tacacs-server directed-request

tacacs-server key xxxxxxxxxx

It works on my 2621s like a charm, but on my 2811s it won't allow me to log in as my domain account, just the backup local account I have.

I am a rookie to this so please be gentle. Thanks in advance for any help you can give me...

3 REPLIES
New Member

Re: Secure ACS 4.1 and different routers

Hi,

Yes, they are different.

Example:

tacacs-server host 1.5.3.2 key cisco_key

tacacs-server directed-request

radius-server source-ports 1645-1646

Regards, Jan

New Member

Re: Secure ACS 4.1 and different routers

Just a clarification...

We are using 2811 and 2801 at remote locations and have been trying to use the tacacs-server options as well. Are you saying that we need to configure it as a radius-server even if we are only using the tacacs options?

I just want to make sure prior to delving into radius as we have not used that at all since we are only communicating between routers for multi user authentication.

Thanks,

Jon Gauntt

Re: Secure ACS 4.1 and different routers

On Layer 3 devices we also need to define the TACACS source interface so that it uses only that interface for sending TACACS requests to ACS.

AAA-Switch(config)#ip tacacs source-interface (vlan or loopback or gigabit interface)

In the above command we need to define the interface that is listed in ACS ---> Network Configuration ---> Router.

Let me know if you have any questions.

Regards,

~JG
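
An offline check for the point made in the last reply, as an added example that is not part of the original thread: it reads a saved running-config and reports when the address of the `ip tacacs source-interface` differs from the address entered for the router in ACS, or when a TACACS+ host has no shared key. The function names, the `acs_client_ip` parameter and the interface addresses in the sample config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample running-config; interfaces and their addresses are illustrative.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
interface FastEthernet0/0
 ip address 172.16.20.1 255.255.255.0
ip tacacs source-interface Loopback0
tacacs-server host 172.16.6.3
tacacs-server host 172.16.16.3
tacacs-server key xxxxxxxxxx
"""

def interface_addresses(config):
    """Map interface name -> primary IPv4 address (secondary addresses are skipped)."""
    addrs, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # A non-indented line either opens an interface block or ends one.
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            continue
        m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) \d+\.\d+\.\d+\.\d+\s*$", line)
        if m and current:
            addrs[current] = ipaddress.ip_address(m.group(1))
    return addrs

def audit_tacacs(config, acs_client_ip):
    """Return findings; an empty list means every check passed."""
    findings = []
    hosts = re.findall(r"^tacacs-server host (\S+)(.*)$", config, re.M)
    global_key = re.search(r"^tacacs-server key \S+", config, re.M)
    if not hosts:
        findings.append("no tacacs-server host configured")
    for ip, rest in hosts:
        if not global_key and not re.search(r"\bkey \S+", rest):
            findings.append(f"host {ip} has no shared key (global or per-host)")
    src = re.search(r"^ip tacacs source-interface (\S+)", config, re.M)
    if not src:
        findings.append("no 'ip tacacs source-interface': source IP follows the egress interface")
        return findings
    addr = interface_addresses(config).get(src.group(1))
    if addr is None:
        findings.append(f"source interface {src.group(1)} has no IPv4 address")
    elif addr != ipaddress.ip_address(acs_client_ip):
        findings.append(f"source {addr} does not match ACS client entry {acs_client_ip}")
    return findings
```

Calling `audit_tacacs(SAMPLE_CONFIG, "10.10.10.1")` returns an empty list; passing the FastEthernet address instead returns a mismatch finding.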
