Cisco Support Community

Forcing A User To Use TACACS+ Only

Our single ACS server is accommodating 2 groups of users.

Some are the Network admins which get authenticated to PIX firewall that's configured as a TACACS+ agent.

The others are regular users which get authenticated to Cisco VPN concentrator configured as a RADIUS agent.

Is there a way to restrict the Network admins to only use TACACS+ and Regular VPN users to only use RADIUS for authentication? We don't want the regular VPN users to be able to be authenticated to PIX firewall just because they have a valid username/password on the ACS server used by PIX.

Thanks.


Re: Forcing A User To Use TACACS+ Only

If your netadmins and users are in separate groups, then you can use Network Access Restrictions to limit access from various NASes. If NARs are not available under your Group Settings, then go to Interface Configuration > Advanced Settings and enable it.

HTH

Jeff
