Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
3
Replies

access-server &Acs

alsayed
Level 1
Level 1

‎07-28-2006 10:19 PM

Hi

I have an access-server with 16-NM analoe modem..I Recently install The Acs3.2 on the win 2003 Server.I Have Created 15 user name to initiate a PPP Connection.now how can i configure the Acs & access-server to Anthenticate the users?the users in the database of the Acs shoud be the same like on the access-server?ps list some config to me.

10xs

Labels:
0 Helpful
3 Replies 3

globalnettech
Level 5
Level 5

‎07-29-2006 08:08 AM

Hello,

have a look at the sample configuration below, it contains the basic commands you need to have your dialup clients authenticated by ACS (TACACS):

Basic TACACS+ Configuration Example

http://www.cisco.com/en/US/customer/tech/tk59/technologies_configuration_example09186a0080093c7c.shtml

Let me know if you run into trouble...

Regards,

GNT

0 Helpful

alsayed
Level 1
Level 1
In response to globalnettech

‎07-29-2006 11:58 PM

Hi Friend!

this page need a Unlimited CCO Acount!PS Another

0 Helpful

teodorgeorgiev
Level 4
Level 4
In response to alsayed

‎07-30-2006 11:43 PM

Ok, here is how it is going to work:

1. On the Cisco access-server you must have configured Tacacs authentication for the incoming PPP calls.

You do not need to enter any users inside the Cisco access-server. When an incoming call passes into the Cisco access-server it will collect from customer his username and password and will send an authentication request to the Tacacs server. In the Tacacs ACS server you will configure usernames and passwords.

Here is an example configuration for the Cisco access-server:

interface Group-Async1

ip unnumbered FastEthernet0/

no ip directed-broadcast

encapsulation ppp

keepalive 10

async default routing

async dynamic address

async dynamic routing

async mode dedicated

peer default ip address pool POOL

no cdp enable

ppp authentication chap (pap - chap, whatever you like)

group-range 10 20 (line numbers)

line 10 20

session-timeout 5

autoselect during-login

autoselect ppp

modem In

transport input telnet

escape-character NONE

flowcontrol hardware

aaa new-model

aaa authentication login default line tacacs+

aaa authentication ppp default tacacs+

aaa authentication ppp ppp_list tacacs+

aaa authorization network default tacacs+

aaa accounting network default start-stop tacacs+

tacacs-server host XXX.XXX.XXX.XXX

tacacs-server key **********

That is all at the Cisco side.

P.S. Greetings from visp.net.lb :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents