Cisco Support Community
New Member

HWTACACS integration with ACS Cisco

Hi

Does anyone know if it is possible to integrate non-Cisco devices that use HWTACACS with a Cisco ACS platform?

Are there any limitations or issues?

Thanks in advance.

12 REPLIES
New Member

Hello, yes, you can do it! The device only needs to support TACACS. Remember, ACS is AAA. I used AAA with Huawei and Juniper!

New Member

Hi Kevin,

Could you please help me with my config in ACS v4.2 to authenticate a non-Cisco device?

Is there any web page to download the vendor-specific attributes? Is it necessary?

New Member

Hello, tell me, what kind of device do you want to add?

New Member

Hi again, I would like to add a Huawei S9300.

By the way, I don't have any vendor-specific attributes.

New Member

OK, I use this configuration on Huawei NE routers and Quidway switches...

**************************************************************

hwtacacs-server template template_name
 hwtacacs-server authentication x.x.x.x    (IP Address ACS Server)
 hwtacacs-server authorization x.x.x.x
 hwtacacs-server accounting x.x.x.x
 hwtacacs-server source-ip y.y.y.y      (IP Address Loopback of Device)
 hwtacacs-server shared-key cipher password-tacacs
 hwtacacs-server timer response-timeout 1
 undo hwtacacs-server user-name domain-included
#
aaa
 authentication-scheme default
  authentication-mode hwtacacs local
 authorization-scheme default
  authorization-mode hwtacacs local if-authenticated
  authorization-cmd 0 hwtacacs local
  authorization-cmd 1 hwtacacs local
  authorization-cmd 15 hwtacacs local
 accounting-scheme default
  accounting-mode hwtacacs
  accounting start-fail online
 recording-scheme default                 (This is for record commands on ACS)
  recording-mode hwtacacs template_name
 cmd recording-scheme default
 domain default_admin
  authorization-scheme default
  hwtacacs-server template_name
#
user-interface vty 0 4
 authentication-mode aaa

****************************************************************************
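
A consistency check for a configuration like the one posted above, as an added example that is not part of the original post or of any Huawei or Cisco tooling: it flags references to an HWTACACS template that was never defined and VTY lines that do not use authentication-mode aaa. The sample configuration, its template names and its address are constructed placeholders, and the function name lint_hwtacacs is hypothetical.

```python
import re

# Constructed sample modelled on the posted configuration; names and the
# address are placeholders, not values from a real device.
SAMPLE = """\
hwtacacs-server template acs_tpl
 hwtacacs-server authentication 192.0.2.10
#
aaa
 recording-scheme default
  recording-mode hwtacacs acs_template
 domain default_admin
  hwtacacs-server acs_tpl
#
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 16 20
 authentication-mode password
"""

def lint_hwtacacs(config):
    """Return findings: undefined template references and VTY lines without AAA."""
    defined, refs, vty_blocks = set(), [], []
    current_vty = None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends any VTY block
            current_vty = None
        m = re.fullmatch(r"hwtacacs-server template (\S+)", line)
        if m:
            defined.add(m.group(1))
            continue
        # Bindings as written in the posted config: a two-token
        # "hwtacacs-server NAME" under a domain, or "recording-mode hwtacacs NAME".
        m = (re.fullmatch(r"hwtacacs-server (\S+)", line)
             or re.fullmatch(r"recording-mode hwtacacs (\S+)", line))
        if m:
            refs.append((n, m.group(1)))
        elif line.startswith("user-interface vty"):
            current_vty = {"name": line, "line": n, "aaa": False}
            vty_blocks.append(current_vty)
        elif current_vty is not None and line == "authentication-mode aaa":
            current_vty["aaa"] = True
    findings = [f"line {n}: template '{name}' is referenced but never defined"
                for n, name in refs if name not in defined]
    findings += [f"line {b['line']}: '{b['name']}' does not use authentication-mode aaa"
                 for b in vty_blocks if not b["aaa"]]
    return findings
```
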

New Member

Thanks for the information, I'm going to try this.

Do I need vendor-specific attributes?

When I try to configure ACS v4.2 with the option "Authenticate Using", I get this:

TACACS+ (CISCO IOS)
RADIUS (CISCO AIRESPACE)
RADIUS (CISCO AIRONET)
RADIUS (CISCO BBSM)
RADIUS (3COMUSR)
RADIUS (CISCO IOS/PIX 6.0)
RADIUS (CISCO VPN 3000/ASA/PIX 7.X+)
RADIUS (CISCO VPN 5000)
RADIUS (IETF)
RADIUS (ASCEND)
RADIUS (JUNIPER)
RADIUS (NORTEL)
RADIUS (Ipass)

Which one do I have to select to authenticate a Huawei switch?

Thanks so much for your help...

I appreciate it.

New Member

Use this: TACACS+ (CISCO IOS)

New Member

Hi Kevin, I used the option TACACS+ (CISCO IOS); now I can authenticate with the ACS, but only by telnet.

When I try to do it by SSH, it gives me the following message: "Write failed: Broken pipe"

I'm going to look up this message to see if I can solve this.

Thanks for everything, Kevin.

New Member

Hi, what terminal are you using? PuTTY or CRT?

New Member

I use the ZOC terminal.

Cisco Employee

Hi David,

Can you use PuTTY as a terminal and test again? If it fails this time, please check ACS reports and activities > failed authentication and let me know.

~ Jatin

~BR Jatin Katyal **Do rate helpful posts**

Hello,

Yes, this can be done. If the third party understands RADIUS or TACACS, it should not be a problem. You would always need vendor-specific attributes installed on ACS as well for integration with other devices.

Hope it Helps..

-GI
