Cisco Support Community
New Member

Using two ACS for two different authentication on one router

I have a router which needs to be authenticated by two ACS servers for two different functions. E.g., for ISDN dialing into the router, it gets the authentication from ACS A, while for command authentication, the router needs to talk to ACS B. Can this be done? If yes, how?

Thanks,

sweeann

3 REPLIES
Silver

Re: Using two ACS for two different authentication on one router

It sure can. You just need separate groups for each. For example:

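! AAA must be enabled before the aaa commands below are accepted
aaa new-model
!
! The ports on the global host entries must match the ports used in the groups
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key secretkey
radius-server host 2.2.2.2 auth-port 1812 acct-port 1813 key secretkey
!
aaa group server radius consolegrp
 server 1.1.1.1 auth-port 1812 acct-port 1813
!
aaa group server radius isdngrp
 server 2.2.2.2 auth-port 1812 acct-port 1813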

Then use the following:

aaa authentication login default group consolegrp
aaa authorization exec default group consolegrp
aaa authentication ppp default group isdngrp

You can change that as necessary (e.g. change console to TACACS), but that is the general template for multiple server groups.

-Eric
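
An offline check for the layout described in the reply above, added here as an example and not part of the original posts: it parses an IOS configuration, lists which server addresses each AAA method list will query, and flags method lists that name a server group that was never defined. The sample configuration and the group name typo-grp are constructed for illustration.

```python
import re

# Constructed sample: the reply's two-group layout plus one deliberately
# broken method list that points at a group that was never defined.
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 1.1.1.1 auth-port 1812 acct-port 1813 key secretkey
radius-server host 2.2.2.2 auth-port 1812 acct-port 1813 key secretkey
aaa group server radius consolegrp
 server 1.1.1.1 auth-port 1812 acct-port 1813
aaa group server radius isdngrp
 server 2.2.2.2 auth-port 1812 acct-port 1813
aaa authentication login default group consolegrp
aaa authorization exec default group consolegrp
aaa authentication ppp default group isdngrp
aaa authorization network default group typo-grp
"""

GROUP_RE = re.compile(r"^aaa group server (?:radius|tacacs\+) (\S+)")
SERVER_RE = re.compile(r"^\s+server (\S+)")
METHOD_RE = re.compile(r"^aaa (authentication|authorization|accounting) (.+)$")
BUILTIN = {"radius", "tacacs+"}  # built-in "group radius"/"group tacacs+" are not flagged

def parse_groups(config):
    """Return {group name: [server address, ...]} from 'aaa group server' blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        if (m := GROUP_RE.match(line)):
            current = groups.setdefault(m.group(1), [])
        elif current is not None and (s := SERVER_RE.match(line)):
            current.append(s.group(1))
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the block
    return groups

def audit(config):
    """Return (routes, undefined): servers queried per method list, bad group refs."""
    groups, routes, undefined = parse_groups(config), {}, []
    for line in config.splitlines():
        m = METHOD_RE.match(line)
        words = m.group(2).split() if m else []
        names = [words[i + 1] for i, w in enumerate(words[:-1]) if w == "group"]
        if not names:
            continue
        n = 3 if words[0] == "commands" else 2  # "commands <level> <list>"
        key = " ".join([m.group(1)] + words[:n])
        routes[key] = [ip for g in names for ip in groups.get(g, [])]
        undefined += [(key, g) for g in names if g not in groups and g not in BUILTIN]
    return routes, undefined

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A method list whose only method is an undefined group has no server to query, so it is worth running a check like this against a saved configuration before deploying it.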

New Member

Re: Using two ACS for two different authentication on one router

Eric,

I believe that'll do the job. Thanks for the input.

-sweeann

Silver

Re: Using two ACS for two different authentication on one router

If you take a look at ACS v4.0 NAP (Network Access Profiles) you should be able to consolidate your ACSs down to a single server.

You can create a NAP for each service with its own config.

Maybe worth looking at.
