New Member

IDS with tacacs

Are IDS 4215 sensors compatible with tacacs? I did not see anything in the csm, the user guides or ids itself that would lead me to believe it was, but just wanted to make sure with the group.

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: IDS with tacacs

As of now IDS/IPS devices don't support external authentication using AAA servers. Hence the only way users can be authenticated is using the local database on the IDS/IPS device.

Hope this helps.

Regards,

Vibhor.

5 REPLIES
Cisco Employee

Re: IDS with tacacs

Just some additional comments that may or may not help in your planning.

Most of the time it is multi-user environments that require tacacs+ support.

Often these same environments are where CSM is being used for management, and MARS is being used for monitoring.

Both CSM and MARS are built for multi-user environments, and I believe that CSM supports tacacs+ for logging into the CSM client. And I am fairly sure MARS also supports tacacs+.

When CSM and/or MARS access the sensor they will do so through a single account for all transmission of data regardless of which user requested the change, rather than trying to connect to the sensor using the same account through which the changes were made in CSM and/or MARS.

So at least for day to day monitoring and configuration activities you use tacacs when using CSM and MARS for those activities.

Then it is only the periodic troubleshooting requiring direct sensor access that won't fit into your tacacs+ model and local accounts would need to be used on the sensor.

Gold

Re: IDS with tacacs

I believe tacacs+ is on the roadmap for MARS, but it is currently not supported. Only local authentication is. You don't really use MARS for day to day management either though. All MARS really does today is collect the events.

Gold

Re: IDS with tacacs

The lack of tacacs+ or RADIUS support on the IPS sensors has caused me to fail many a security audit and has made me explain WHY my security devices are less secure than the hosts they protect.

Gold

Re: IDS with tacacs

You may be aware of this already, but you can limit access at the network level and enable password lockouts. Still using local credentials of course ;-(
