Cisco Support Community

Does every piece of network equipment need to be added into ACS?

I'm a newbie in Cisco ACS. Do I need to add every piece of network equipment in my network, such as APs and switches (name and IP), into the ACS server in order for authentication to work properly? I have defined the TACACS server IP on my APs and switches.

5 REPLIES

Re: Does every piece of network equipment need to be added into ACS?

Hi,

If you want to use TACACS/RADIUS for device management, then yes, you need to add the IP of each individual device.

Here is a nice place to start for configuring ACS:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html

Please rate if this helped.

Regards,

Daniel

Re: Does every piece of network equipment need to be added into ACS?

The better and more 'secure' way is to add each device individually. But the ACS does support wildcards for adding devices, like 192.168.1.*, or a default key for 'all' devices (TACACS).

Regards

Farrukh

Re: Does every piece of network equipment need to be added into ACS?

If the device is not added to the ACS server, will the device prompt you for a password (via TACACS) at all?

Given that the device is set up to run TACACS and default back to local.

Re: Does every piece of network equipment need to be added into ACS?

Yes, and there may be issues. You will be prompted by the device for a username and password, and it will be passed on to the ACS server.

When the ACS server tries to "look up" that device in its database, it will report "Unknown NAC."

But because the ACS is reachable, you may not fail back to local authentication, but I'm not 100% sure about that.

Re: Does every piece of network equipment need to be added into ACS?

No, if the TACACS servers are not reachable, the NAS will fall back to the alternate method configured. If the NAS is not added in ACS, it is basically the same. In terms of the NAS, the ACS server is unreachable (because it is ignoring the request from this unknown NAS).

Regards

Farrukh
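
The fallback behaviour discussed in this thread, as an added example that is not part of any poster's reply and is not ACS or IOS code: a simplified Python model in which an unknown NAS gets no answer from the server, so the device moves on to its next login method, while a rejection from the server is final. The client entries, user names and passwords are constructed sample data, and the octet-wise `*` matching is an assumption modelled on the 192.168.1.* wildcard mentioned above.

```python
# Simplified model (assumption), not ACS or IOS code.
ERROR, FAIL, PASS = "ERROR", "FAIL", "PASS"

# Constructed sample data: one device added individually, one wildcard entry.
CLIENTS = [
    {"name": "core-sw1", "ip": "10.0.0.2"},
    {"name": "branch-aps", "ip": "192.168.1.*"},
]
ACS_USERS = {"netadmin": "acs-pass"}      # accounts held on the server
LOCAL_USERS = {"fallback": "local-pass"}  # accounts held on the device


def matches(pattern, ip):
    """Octet-wise match; '*' stands for any value in that octet."""
    p, a = pattern.split("."), ip.split(".")
    return len(p) == len(a) == 4 and all(x in ("*", y) for x, y in zip(p, a))


def find_client(clients, nas_ip):
    """Return the first client entry that covers nas_ip, or None."""
    return next((c for c in clients if matches(c["ip"], nas_ip)), None)


def tacacs_method(nas_ip, user, password):
    if find_client(CLIENTS, nas_ip) is None:
        return ERROR  # server ignores an unknown NAS: no usable reply
    return PASS if ACS_USERS.get(user) == password else FAIL


def local_method(user, password):
    return PASS if LOCAL_USERS.get(user) == password else FAIL


def device_login(nas_ip, user, password):
    """Method list 'tacacs, then local': only ERROR moves to the next method."""
    methods = [
        ("tacacs", lambda: tacacs_method(nas_ip, user, password)),
        ("local", lambda: local_method(user, password)),
    ]
    for name, method in methods:
        result = method()
        if result != ERROR:
            return name, result  # PASS or FAIL ends the walk
    return None, FAIL


if __name__ == "__main__":
    for ip in ("10.0.0.2", "10.0.0.9"):
        print(ip, device_login(ip, "fallback", "local-pass"))
```

In this model the wildcard entry also covers every other address in 192.168.1.*, which is the trade-off against adding each device individually.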
