topic Re: ACS 5.1 Primary / Standby config in Network Access Control

ACS 5.1 Primary / Standby config

muhammad feroz — Mon, 11 Mar 2019 00:46:58 GMT

Dear all

Basic Setup -

1st problem:

In the Test Lab : I have Cisco ACS 1121 device and in that i have Added all network devices - routers and switches

Now i have to authenticate with Active directory. In active directory i have created users and added those users in to a group.

Can you show me any link which shows step by step instructions how add Cisco ACS in to active directory and create policies for authentication.

I have Cisco ACS 5.1 documention but there is no step by step instructions for my requirement.

2nd Problem:

I have another Cisco 1121 ACS, I want to configure this box as Backup or standby?

Can you show me any link which shows step by step instructions how to add 2 nd ACS box as secondary?

3rd Problem:

In the cisco routers i need add commands for authenticaiton

on console i need Local authentication and for telnet & ssh line tatacs authentication, if tacacas server fails than Local authentication.

for that i need some commands lilke

aaa new-model

aaa authenXXX

aaa authrorizationXXX

Can you let me know those commands.

Sorry guys for 3 questions, but i stuck in the middle, can any one help me.

Re: ACS 5.1 Primary / Standby config

muhammad feroz — Mon, 07 Feb 2011 12:43:50 GMT

Hi guys

It seems no one is answered this question. not a problem.

I have solved some of them myself.

1Q answer@:

On ACS 1121 boxLets assume that ACS ip address: 1.1.1.1/24 and AD- 1.1.1.2/24 and Router ip address = 1.1.1.3/24

1st did setup ACS basic setup, i have configured on E0 interface as 1.1.1.1/24.

To add this box in to domain, i must need to give these 2 comamnds

like ip name-server 1.1.1.2 , ntp server 1.1.1.2 (assume my ad is also NTP server)

Make sure that time is same on ACS and AD domain controller.

users and identity stores- external identity stores - active directory - type doamin name, Administrator and password. - select test connection- it will join in domain

After this you need to add a specific AD group for authentication - to do this

You get a new tab directory groups in the - users and identity stores- external identity stores - active directory.

In the directory groups - with mouse click - select option ( do not add manually the groups - it did not work for me)

select - you can see the list of groups - select it . that's it.

Create a rule

to do this come to Access-policies - Access services - Default Devicee admin -

identity - here you select AD (authentication to ad groups)

authorization - create a new rule - just click AD1:external groups-select the group - rest all default - it mean any

now you can login.

Re: ACS 5.1 Primary / Standby config

muhammad feroz — Mon, 07 Feb 2011 12:45:44 GMT

username admin pass admin
enable secret cisco123
tacacs-server host 1.1.1.1

tacacs-server key cisco

aaa new-model
aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+

aaa authentication login notacacsforcosnole local
line con 0
login authentication notacacsforcosnole But still primary and standby config is left.

but i am not able to solve 3rd question ? Any one knows how to configure the primary and standby config?