I currently have my controller configured in my Cisco Secure ACS (ver 3.3) as a RADIUS NAS.
This is for the wireless clients to authenticate using PEAP.
Now I would like to set up my controller to use TACACS+ for management. I see where to configure it on the controller, which looks straightforward.
However, I am not sure what to do on the ACS. If a controller is already configured for RADIUS, how can I configure it to also support TACACS+? I don't see an option to have it support both. I can't add the same controller in twice either.
Any suggestions/recommendations are appreciated.
I'm wondering if my only option is to set up management using RADIUS too.
Thank you. That worked. I created one group called controllers-tacacs and listed each of my controllers and selected TACACS+ for authentication type.
However, I still can't get the controller to use TACACS+ for management. I added in the ACS information using port 49 under the security->tacacs->authentication menu option. It does not have the option to pick network user or management like the RADIUS authentication menu does. So I just enter in all the valid data: shared secret, port, enabled, etc. I used the same shared secret as the controller-tacacs group I created on the ACS.
However, the controller does not use TACACS+ for management logins. I still have to use the local mgmt users account.