New Member

RADIUS AND TACACS on SAME Router or Server?

Can both RADIUS and TACACS be configured on the same box? What I would like to do is configure RADIUS to authenticate users on TTY lines 1-48 on a Cisco AS5200, 5300 and 5400. I would like to configure TACACS to authenticate users on the console, aux and vty lines.

My reading of Cisco documentation so far seems to say that only TACACS OR RADIUS can be configured on a router or server, not BOTH.

4 REPLIES
New Member

Re: RADIUS AND TACACS on SAME Router or Server?

James,

Currently we have an AS5350 box which authenticates users (dial-in) via RADIUS and authenticates admins who telnet to the AS5350 using TACACS. Authentication occurs with a Cisco ACS 3.0 Win2k server. So, to answer your question, both work.

New Member

Re: RADIUS AND TACACS on SAME Router or Server?

Thanks for the response! My problem now is, I have no idea how to configure this. Can you send me just the config to do this or can you direct me to info on cisco.com? My email: jim.robinson@wcom.com

New Member

Re: RADIUS AND TACACS on SAME Router or Server?

Here is the config:

1. aaa new-model

2. aaa authentication login default group radius line

3. aaa authentication login ciscosecure group tacacs+ line

4. tacacs-server host single-connection key

5. radius-server host auth-port 1645 acct-port 1646

6. radius-server key 7

7.

line vty 0 4

exec-timeout 5 0

password 7 ********

login authentication ciscosecure

8.

line con 0

password 7 ********

login authentication ciscosecure

-------

Line 1: Basic way to start aaa

Line 2:

Says default authen will be radius. This is used for users accessing the AS5350 by dialing in.

Line 3:

This line is there for use with logging in to vty 0 4 (i.e. telnet) and console. It says use tacacs first and, if not avail, then use line password. I would apply this to 'line vty 0 4' and 'line con 0' and aux if needed.

Lines 4 - 8 hopefully are straightforward for you to understand.

Our radius service is using RSA ACESERVER and tacacs is on a CiscoSecure ACS 4.0 on Win2k. Let me know if you need more info.

Hope this helps.
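With `aaa new-model`, a line that has no `login authentication` command uses the `default` list, so in the config above the aux port would authenticate against RADIUS unless the named list is applied to it too. The Python check below is an added example, not part of the original posts: it resolves which login method list each `line` block ends up using. The sample config is constructed from the one posted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the config posted above (server lines omitted).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius line
aaa authentication login ciscosecure group tacacs+ line
!
line con 0
 password 7 ********
 login authentication ciscosecure
line aux 0
line 1 48
 modem InOut
line vty 0 4
 exec-timeout 5 0
 login authentication ciscosecure
"""

def resolve_login_auth(config):
    """Map each 'line ...' block to the (list name, ordered methods) it uses."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            # Keep 'group <name>' together as one method: ['group radius', 'line']
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
        elif raw.startswith("line "):
            current = text
            lines[current] = "default"   # no explicit list: the default list applies
        elif current and text.startswith("login authentication "):
            lines[current] = text.split()[2]
        elif raw and not raw.startswith(" "):
            current = None               # a new top-level command ends the line block
    # A reference to a list that is never defined shows up with empty methods.
    return {ln: (name, lists.get(name, [])) for ln, name in lines.items()}

def lines_not_using(config, method):
    """Line blocks whose first-choice login method is not `method`."""
    resolved = resolve_login_auth(config)
    return sorted(ln for ln, (_, ms) in resolved.items() if not ms or ms[0] != method)

if __name__ == "__main__":
    for ln, (name, ms) in resolve_login_auth(SAMPLE_CONFIG).items():
        print(f"{ln:12} list={name:12} methods={ms}")
    print("not TACACS+ first:", lines_not_using(SAMPLE_CONFIG, "group tacacs+"))
```

On the sample, the dial-in TTY range is reported as RADIUS-first as intended, and the aux port is reported alongside it because nothing binds it to the `ciscosecure` list.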

New Member

Re: RADIUS AND TACACS on SAME Router or Server?

Thanks very much for the config info. I appreciate it greatly. I am busy now seeing if we can make this work in our AS5200s. Thanks very much!
