https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021320#M385956 <HTML><HEAD></HEAD><BODY><P>Just a clarification...</P><P>We are using 2811 and 2801 at remote locations and have been trying to use the tacacs-server options as well. Are you saying that we need to configure it as a radius-server even if we are only using the tacacs options?</P><P>I just want to make sure prior to delving into radius as we have not used that at all since we are only communicating between routers for multi user authentication.</P><P>Thanks,</P><P></P><P>Jon Gauntt</P></BODY></HTML> Wed, 09 Apr 2008 19:34:28 GMT JonGauntt 2008-04-09T19:34:28Z https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021318#M385954 <P>Are the commands different from router to router?</P><P></P><P>This is what I currently have:</P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ local</P><P>aaa authorization exec default if-authenticated </P><P>aaa authorization commands 15 default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P>tacacs-server host 172.16.6.3</P><P>tacacs-server host 172.16.16.3</P><P>tacacs-server timeout 60</P><P>tacacs-server directed-request</P><P>tacacs-server key xxxxxxxxxx</P><P></P><P>It works on my 2621's like a charm but my 2811's it won't allow my to login in as my domain account just the backup local account I have. </P><P></P><P>I am a rookie to this so please be gentle. Thanks in advance for any help you can give me...</P> Sun, 10 Mar 2019 22:46:12 GMT https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021318#M385954 dgerbergss 2019-03-10T22:46:12Z https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021319#M385955 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Yes they are diffrent.</P><P></P><P>Example: </P><P>tacacs-server host 1.5.3.2 key cisco_key</P><P>tacacs-server directed-request</P><P>radius-server source-ports 1645-1646</P><P></P><P>Regadrs Jan</P></BODY></HTML> Wed, 09 Apr 2008 06:19:49 GMT https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021319#M385955 Jan Rockstedt 2008-04-09T06:19:49Z https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021320#M385956 <HTML><HEAD></HEAD><BODY><P>Just a clarification...</P><P>We are using 2811 and 2801 at remote locations and have been trying to use the tacacs-server options as well. Are you saying that we need to configure it as a radius-server even if we are only using the tacacs options?</P><P>I just want to make sure prior to delving into radius as we have not used that at all since we are only communicating between routers for multi user authentication.</P><P>Thanks,</P><P></P><P>Jon Gauntt</P></BODY></HTML> Wed, 09 Apr 2008 19:34:28 GMT https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021320#M385956 JonGauntt 2008-04-09T19:34:28Z https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021321#M385957 <HTML><HEAD></HEAD><BODY><P>In layer 3 devices we also need to define tacacs source interface so that it uses only that interface for sending tacacs request to acs.</P><P></P><P>AAA-Switch(config)#ip tacacs source-interface (vlan or loopback or gigabit interface)</P><P></P><P>In above command we need to define the interface that is listed in acs---&gt;network configuration---&gt;Router.</P><P></P><P>Let me know if you have any question.</P><P></P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Wed, 09 Apr 2008 20:09:06 GMT https://community.cisco.com/t5/network-access-control/secure-acs-4-1-and-different-routers/m-p/1021321#M385957 Jagdeep Gambhir 2008-04-09T20:09:06Z