Tacacs+ and Radius ....

anoushg · ‎12-02-2002

I am using a cisco 2620 for voip,

right now I am using Tacacs+ for the accounting,

and this the conf that I have in my router :

!

aaa new-model

!

aaa accounting connection h323 stop-only group tacacs+

aaa session-id common

enable secret 5 $1$YUAt$wv16aL8Q4SHkO0Qm2aPJ00

enable password 7 04541B0F00

!

and the soft on the server is cosco secure, with sql and stuf...

now the question is,

can I use at the same time the radius accounting, to be able to have both by adding this to my conf ,

!

aaa new-model

!

aaa accounting connection h323 stop-only group tacacs+

aaa accounting connection h323 stop-only group radius

aaa session-id common

enable secret 5 $1$YUAt$wv16aL8Q4SHkO0Qm2aPJ00

enable password 7 04541B0F00

!

is this correct ?

and if not can I just replace the tacacs+ by the radius, and then get the log on cisco secure.

I am pretty lost in this AAA thing.

thanks for your help.

Anoush

gfullage · ‎12-02-2002

When you type in the 2nd command it'll overwrite the first, so no, you can't do both.

If you want to do Radius accounting INSTEAD of TACACS, then yes, just type in the same line with Radius at the end. Then on the ACS server, go under Network Configuration and you'll see this 2620 listed under there, you have to set it up as a Radius (Cisco IOS/PIX) device also, it should be in there as TACACS at the moment so just change it and you should be good to go.