Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
0
Helpful
4
Replies

RADIUS AND TACACS on SAME Router or Server?

james.robinson
Level 1
Level 1

‎03-06-2002 06:57 AM - edited ‎02-21-2020 11:38 AM

Can both RADIUS and TACACs be configured on the same box? What I would like to do is, configure Radius to Authenticate Users on TTY Lines 1-48 on a Cisco AS5200, 5300 and 5400. I would like to configure TACACS to Authenticate Users on the Console, Aux and Vty lines.

My reading of Cisco documentation so far seems to say that only TACACS OR RADIUS can be configured on a router or server, not BOTH.

Labels:
0 Helpful
4 Replies 4

zabbas
Level 1
Level 1

‎03-06-2002 11:46 AM

James,

Currently we have a AS5350 box which authenticates users (dial in) via RADIUS and authenticates admins to telnet to the AS5350 using TACACS. Authentication occurs with a Cisco ACS 3.0 Win2k server. So to answer your question both work.

0 Helpful

james.robinson
Level 1
Level 1
In response to zabbas

‎03-06-2002 12:35 PM

Thanks for the response! My problem now is, I have no idea how to configure this. Can you send me just the config to do this or can you direct me to info on cisco.com? My email: jim.robinson@wcom.com

0 Helpful

zabbas
Level 1
Level 1
In response to james.robinson

‎03-06-2002 04:42 PM

Here is the config:

1.aaa new-model

2.aaa authentication login default group radius line

3.aaa authentication login ciscosecure group tacacs+ line

4. tacacs-server host single-connection key

5. radius-server host auth-port 1645 acct-port 1646

6. radius-server key 7

7.

line vty 0 4

exec-timeout 5 0

password 7 ********

login authentication ciscosecure

8.

line con 0

password 7 ********

login authentication ciscosecure

-------

Line 1: Basic way to start aaa

Line 2:

Say's default authen will be radius. This is used for user accessing the AS5350 through dialing in.

Line 3:

This line is there for use with logging in to vty 0 4 (ie. telnet)and console It says use tacacs first and if not avail then use line password. I would apply this to 'line vty 0 4' and 'line con 0' and aux if needed.

Lines 4 - 8 hopefully are straight forward for you to understand.

Our radius service is using RSA ACESERVER and tacacs is on a CiscoSecure ACS 4.0 on Win2k. Let me know if you need more info.

Hope this helps.

0 Helpful

james.robinson
Level 1
Level 1
In response to zabbas

‎03-07-2002 06:23 AM

Thanks very much for the config info. I appreciate it greatly. I am busy now seeing if we can make this work in our AS5200s. Thanks very much!

0 Helpful
Customers Also Viewed These Support Documents