Cisco Support Community
Community Member

ACS in Multitenant environment

What's the best practice for deploying ACS in a multitenant environment? I see some people are using an open source version of TACACS+ for this purpose.

Any thoughts?

3 REPLIES
Hall of Fame Super Silver

ACS in Multitenant environment

Depends on how you mean multitenant - there're lots of deployment models that can be called that.

In my experience, the multitenant services are often data plane with respect to the tenants' network services. ACS AAA services are control plane and use a non-tenant-accessible management VRF to access the ACS server(s).

Community Member

ACS in Multitenant environment

We have multiple entities within a state agency that we provide shared services for.  I need guidance on how to provide AAA to the multiple ASA Contexts we've created for the tenants.  Currently they are using local login credentials.  I've been tasked with creating one universal context that will provide tenants with shared TACACS so we can monitor what command caused whatever mischief.  We had a rev of ASA code recently that would crash the device when the tenants issued NAT commands.  I need to know how others are deploying their ACS's in this sort of environment. 

Hall of Fame Super Silver

ACS in Multitenant environment

That's pretty straightforward.

Each context can have AAA set up (to include accounting) pointing to the ACS server using the TACACS+ protocol. See, for example, Jatin's posting here.

It's a best practice to set up AAA that way independent of whether it's a multitenant scenario.
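The per-context setup described in the reply above, as an added example that is not part of the original thread: one tenant context moved from local-only logins to TACACS+ with command accounting. The server group name `ACS-TACACS`, the interface name `mgmt`, the address `192.0.2.10` and the key placeholder are assumptions; repeat the block in each context, since AAA settings are configured per context.

```cisco
! Constructed example for ONE tenant context (enter it with "changeto context <name>").
! All names and addresses below are placeholders, not values from the thread.

! Before: logins checked against the context's local user database only,
! so nothing leaves the box to show who ran which command.
!   aaa authentication ssh console LOCAL

! Define the TACACS+ server group and the ACS host, reached through the
! management-facing interface of this context (assumed to be named "mgmt").
aaa-server ACS-TACACS protocol tacacs+
aaa-server ACS-TACACS (mgmt) host 192.0.2.10
 key <shared-secret>
 timeout 5

! Authenticate administrative access against ACS; LOCAL is the fallback
! used only when the ACS server does not respond.
aaa authentication ssh console ACS-TACACS LOCAL
aaa authentication enable console ACS-TACACS LOCAL

! Optional: per-command authorization. Build and test the command sets on
! ACS before enabling this, or administrators can be locked out.
aaa authorization command ACS-TACACS LOCAL

! Accounting: record session start/stop and every command entered, so a
! change such as a NAT edit can be traced to a user and a time.
aaa accounting ssh console ACS-TACACS
aaa accounting enable console ACS-TACACS
aaa accounting command ACS-TACACS
```

On the ACS side, each context's source address needs its own AAA client entry with the matching shared secret, which also lets the accounting records be separated by tenant.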
