Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1494
Views
5
Helpful
2
Replies

ACE 4710 A3(2.0) and AAA / TACACS / ACS

Go to solution
melchib
Level 1
Level 1

‎12-26-2008 06:13 PM

Hi,

I have recently opened a TAC case on an issue I'm having with authenticating user via TACACS on the ACE 4710.

The TAC engineer is telling me that for the authentication to work I need that same user to also have an account on the proper context (Admin context in this case). For example if I get a ACS account named netadmin, I will also need to create that account on the ACE 4710 (Kind of like MARS...).

Is this true?

From the past posts I have read it seems people have gotten this to work by using the following two steps:

A. Configure ACS properly

1. Select user

2. Scroll down to tacacs+ setting

3. check "shell(exec)" option

4. check "custom attributes"

5. Add the custom AV-Pair info in the following format:

shell:Admin*Admin default-domain.

6. Save / and then stop/start ACS services

B. Configure the ACE

tacacs-server host a.b.c.d key XXXXXX

aaa group server tacacs+ TACACS

server a.b.c.d

aaa authentication login default group TACACS local

aaa authentication login console none

aaa accounting default group TACACS local

aaa authentication login error-enable

Are there people out there using this successfully without the ACS accounts needing to also be on the ACE?

Thanks in advance!

Brad

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.burns
Level 7
Level 7

‎12-29-2008 04:28 AM

Hi,

We have ACE Appliances working with ACS without having to create local accounts - and your process looks ok too (your ACE config is identical to mine).

Check out this thread for a similar issue:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&topicID=.ee7814f&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc22b65

HTH

Andrew.

View solution in original post

2 Replies 2

Go to solution
andrew.burns
Level 7
Level 7

‎12-29-2008 04:28 AM

Hi,

We have ACE Appliances working with ACS without having to create local accounts - and your process looks ok too (your ACE config is identical to mine).

Check out this thread for a similar issue:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=Application%20Networking&topicID=.ee7814f&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc22b65

HTH

Andrew.

Go to solution
melchib
Level 1
Level 1
In response to andrew.burns

‎12-29-2008 07:26 AM

That helps very much! Thank you Andrew!

0 Helpful
Customers Also Viewed These Support Documents