Using two ACS for two different authentication on one router

sweeann
Level 1

I have a router that needs to be authenticated by two ACS servers for two different functions. E.g., for ISDN dialing into the router, it gets the authentication from ACS A, while for command authentication, the router needs to talk to ACS B. Can this be done? If yes, how?

Thanks,

sweeann

3 Replies

ethiel
Level 3

It sure can. You just need separate groups for each. For example:

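! Ports on each host line match the server entries in the groups below
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key secretkey
radius-server host 2.2.2.2 auth-port 1812 acct-port 1813 key secretkey
!
aaa group server radius consolegrp
 server 1.1.1.1 auth-port 1812 acct-port 1813
!
aaa group server radius isdngrp
 server 2.2.2.2 auth-port 1812 acct-port 1813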

Then use the following:

aaa authentication login default group consolegrp
aaa authorization exec default group consolegrp
aaa authentication ppp default group isdngrp

You can change that as necessary (e.g. change console to TACACS) but that is the general template for multiple server groups.

-Eric
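
An added example, not part of the thread: a small Python audit for configs that follow the template above. It checks that every `server` entry in a group matches a defined `radius-server host` (address and ports) and that every method list references a defined group. The sample config and the `vtygrp` list are constructed, and the 1645/1646 default for lines without explicit ports is an assumption about classic IOS behaviour.

```python
import re

# Constructed sample config (not from a real device); vtygrp is deliberately undefined.
SAMPLE = """\
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key secretkey
radius-server host 2.2.2.2 key secretkey
aaa group server radius consolegrp
 server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius isdngrp
 server 2.2.2.2 auth-port 1812 acct-port 1813
aaa authentication login default group consolegrp
aaa authorization exec default group consolegrp
aaa authentication ppp default group isdngrp
aaa authentication login vty group vtygrp local
"""

DEFAULT_PORTS = {"auth": "1645", "acct": "1646"}  # assumed when a line omits the ports
BUILTIN_GROUPS = {"radius", "tacacs+"}  # built-in groups, never user-defined

def endpoint(line, address):
    """Return (address, auth-port, acct-port) for a host or server line."""
    found = {k: re.search(rf"{k}-port (\d+)", line) for k in DEFAULT_PORTS}
    return (address, *(found[k][1] if found[k] else d for k, d in DEFAULT_PORTS.items()))

def audit(config):
    """Return (method list -> groups, findings) for an IOS-style config."""
    hosts, groups, methods, findings, current = set(), {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"radius-server host (\S+)", line):
            hosts.add(endpoint(line, m[1]))
        elif m := re.match(r"aaa group server radius (\S+)", line):
            current, groups[m[1]] = m[1], []
            continue
        elif (m := re.match(r"server (\S+)", line)) and current:
            groups[current].append(endpoint(line, m[1]))
            continue
        elif m := re.match(r"aaa (authentication|authorization) (\S+) (\S+) (.+)", line):
            methods[f"{m[1]} {m[2]} {m[3]}"] = re.findall(r"group (\S+)", m[4])
        current = None  # any other line leaves the server-group sub-mode
    for name, servers in groups.items():
        for ep in servers:
            if ep not in hosts:
                findings.append(f"group {name}: server {ep[0]} ports {ep[1]}/{ep[2]} matches no radius-server host")
    for method, used in methods.items():
        for name in used:
            if name not in groups and name not in BUILTIN_GROUPS:
                findings.append(f"{method}: group {name} is not defined")
    return methods, findings
```

The returned mapping shows which server group each function (login, exec, ppp) actually uses, which is the separation the question asks for.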

Eric,

I believe that'll do the job. Thanks for the input.

-sweeann

If you take a look at ACS v4.0 NAP (Network Access Profiles) you should be able to consolidate your ACSs down to a single server.

You can create a NAP for each service with its own config.

Maybe worth looking at.
