Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Using Cisco TACACS for CSS11501

I currently have an 11501 series CSS and am trying to have authentication use our ACS appliance. I added the config listed below but when running a "show tacacs-server" both servers are listed as dead. I am able to ping both of the ACS servers without issue.

The following is the configuration I have added to the CSS:

virtual authentication primary tacacs

tacacs-server authorize config

tacacs-server authorize non-config

tacacs-server account non-config

tacacs-server account config

tacacs-server 49 primary frequency 10

tacacs-server key ****

ip management route

Any help would be greatly appreciated.



New Member

Re: Using Cisco TACACS for CSS11501

Lists the external user databases that CiscoSecure ACS uses to authenticate an unknown user (if the Check the following external user databases option is selected). CiscoSecure ACS attempts authentication using the selected databases one at a time in the order specified.

Users whose accounts were created in the CiscoSecure ACS database when CiscoSecure ACS successfully authenticated them using the Unknown User Policy. When CiscoSecure ACS creates a discovered user, the user account contains only the username, a Password Authentication list setting that reflects the external user database that authenticated the user, and a "Group to which the user is assigned" list setting of Mapped By External Authenticator, which enables group mapping. Using the CiscoSecure ACS HTML interface, you can further configure the user account as needed. For example, after a discovered user is created in CiscoSecure ACS, you can assign user-specific network access restrictions to the discovered user.