AS5300 and multiple authentication methods.

jkeeffe · ‎09-19-2003

Our AS5300 IOS version 12.2(17)a, is configured with two Group-async interfaces, and 96 modems. The modems are split between the two interfaces. At this time we have both group-async interfaces configured to use the same tacacs server for authentication.

I want to send one group to the one tacacs server, which is actually a SafeWord server, but I want the other group to be authentication using LDAP, which means sending them to another tacacs server which interfaces with an LDAP server.

I tried putting two tacacs server commands in the router put can't find away to point the groups to either one.

How can I do this?

Here is part of the AS5300 config:

modem-pool hcs

pool-range 65-96

called-number 6084 max-conn 32

!

modem-pool ghc

pool-range 1-48,49-60

called-number 6779 max-conn 60

!

interface Group-Async1

ip unnumbered Ethernet0

encapsulation ppp

async mode interactive

ipx ppp-client Loopback0

peer default ip address pool default

no fair-queue

ppp authentication pap if-needed

ppp use-tacacs

group-range 1 60

!

interface Group-Async2

ip unnumbered Ethernet0

encapsulation ppp

async mode interactive

ipx ppp-client Loopback0

peer default ip address pool default

no fair-queue

ppp authentication pap if-needed

ppp use-tacacs

group-range 65 96

!

tacacs-server host 164.12.123.123

vkapoor5 · ‎09-25-2003

You could try something like this :

aaa new-model

aaa authentication ppp listone group firsttacacs

aaa authentication ppp listtwo group secondtacacs

aaa group server tacacs+ firsttacacs

server 172.16.1.100

aaa group server tacacs+ secondtacacs

server 172.16.2.200

interface GroupAsync1

ppp authentication pap listone

interface GroupAsync2

ppp authentication pap listtwo