04-30-2008 02:25 AM
hello
suppose i configured 2 aaa authentication login methods: one for dialup users and the second for telnet from network administrator:
aaa authentication login default group tacacs+ local
aaa authentication login whoisit group tacacs+ local enable
and suppose we will use 2 tacacs servers: one for each method.
is it possible to map each authentication method to one tacacs server?
i don't think so, because when defing the tacacs server there is no keyword to specify the aaa method.
any idea?
Solved! Go to Solution.
04-30-2008 03:17 AM
Hi Oussama,
Yes, you can use server-group:
aaa group server tacacs+ group1
server 1.1.1.1
!
aaa authentication login test1 group group1 local
tacacs-server host 1.1.1.1 key cisco
BR,
Mohammed Mahmoud.
04-30-2008 03:17 AM
Hi Oussama,
Yes, you can use server-group:
aaa group server tacacs+ group1
server 1.1.1.1
!
aaa authentication login test1 group group1 local
tacacs-server host 1.1.1.1 key cisco
BR,
Mohammed Mahmoud.
04-30-2008 08:11 AM
Oussama
Mohammed is quite correct. I have done exactly what you are asking about to configure a router to support dial up users and to configure aaa authentication so that dial up users uathenticate with one TACACS server and the administrative (telnet) users authenticate with a different server. The ability to configure server groups makes this possible. And it works very well.
In my implementation I found it easier to let the dial users use the default authentication method (with one server group) and to specify a named method for the administrative users (with a different server group).
HTH
Rick
04-30-2008 09:19 PM
hi rick
that's exactlly what i will do: dial users use the default authentication method and administrators use an other one.
thanks
04-30-2008 09:16 PM
thanks mohammed. you have usually the solutions to my problems :-)
05-01-2008 03:52 AM
Hi Oussama,
You are very welcomed :), and thank you for the rating.
BR,
Mohammed Mahmoud.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: