Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
3
Helpful
5
Replies

2 tacacs

Go to solution
ohassairi
Level 5
Level 5

‎04-30-2008 02:25 AM

hello

suppose i configured 2 aaa authentication login methods: one for dialup users and the second for telnet from network administrator:

aaa authentication login default group tacacs+ local

aaa authentication login whoisit group tacacs+ local enable

and suppose we will use 2 tacacs servers: one for each method.

is it possible to map each authentication method to one tacacs server?

i don't think so, because when defing the tacacs server there is no keyword to specify the aaa method.

any idea?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mohammedmahmoud
Level 11
Level 11

‎04-30-2008 03:17 AM

Hi Oussama,

Yes, you can use server-group:

aaa group server tacacs+ group1

server 1.1.1.1

!

aaa authentication login test1 group group1 local

tacacs-server host 1.1.1.1 key cisco

BR,

Mohammed Mahmoud.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
mohammedmahmoud
Level 11
Level 11

‎04-30-2008 03:17 AM

Hi Oussama,

Yes, you can use server-group:

aaa group server tacacs+ group1

server 1.1.1.1

!

aaa authentication login test1 group group1 local

tacacs-server host 1.1.1.1 key cisco

BR,

Mohammed Mahmoud.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to mohammedmahmoud

‎04-30-2008 08:11 AM

Oussama

Mohammed is quite correct. I have done exactly what you are asking about to configure a router to support dial up users and to configure aaa authentication so that dial up users uathenticate with one TACACS server and the administrative (telnet) users authenticate with a different server. The ability to configure server groups makes this possible. And it works very well.

In my implementation I found it easier to let the dial users use the default authentication method (with one server group) and to specify a named method for the administrative users (with a different server group).

HTH

Rick

HTH

Rick

Go to solution
ohassairi
Level 5
Level 5
In response to Richard Burts

‎04-30-2008 09:19 PM

hi rick

that's exactlly what i will do: dial users use the default authentication method and administrators use an other one.

thanks

0 Helpful

Go to solution
ohassairi
Level 5
Level 5
In response to mohammedmahmoud

‎04-30-2008 09:16 PM

thanks mohammed. you have usually the solutions to my problems :-)

0 Helpful

Go to solution
mohammedmahmoud
Level 11
Level 11
In response to ohassairi

‎05-01-2008 03:52 AM

Hi Oussama,

You are very welcomed :), and thank you for the rating.

BR,

Mohammed Mahmoud.

0 Helpful
Customers Also Viewed These Support Documents