https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794557#M86308 <HTML><HEAD></HEAD><BODY><P>you may be aware of this already, but you can limit access at the network level and enable password lockouts. Still using local credentials of course;-(</P></BODY></HTML> Thu, 28 Jun 2007 16:34:37 GMT mhellman 2007-06-28T16:34:37Z https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794552#M86300 <P>Are IDS 4215 sensors compatable with tacacs? I did not see anything in the csm, the user guides or ids itself that would lead me to believe it was, but just wanted to make sure with the group.</P><P>Thank you. </P> Sun, 10 Mar 2019 10:40:42 GMT https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794552#M86300 daven.delidle 2019-03-10T10:40:42Z https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794553#M86302 <HTML><HEAD></HEAD><BODY><P>As of now IDS/IPS devices dont support external authentication using AAA servers. Hence the only way users can be authenticated is using the local database on the IDS/IPS device.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Wed, 27 Jun 2007 16:27:16 GMT https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794553#M86302 vitripat 2007-06-27T16:27:16Z https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794554#M86305 <HTML><HEAD></HEAD><BODY><P></P><P>Just some additional comments that may or may not help in your planning.</P><P></P><P>Most of the time it is multi-user environments that require tacacs+ support.</P><P></P><P>Often these same environments are where CSM is being used for management, and MARS is being used for monitoring.</P><P></P><P>Both CSM and MARS are built for multi-user environments, and I believe that CSM supports tacacs+ for loggin into the CSM client. And I am fairly sure MARS also supports tacacs+.</P><P></P><P>When CSM and/or MARS accesses the sensor they will do so through a single account for all tranmission of data regardless of which user requested the change; rather than trying to connect to the sensor using the same account through which the changes were made in CSM and/or MARS.</P><P></P><P>So at least for day to day monitoring and configuration activities you use tacacs when using CSM and MARS for those activities.</P><P></P><P>Then it is only the periodic troubleshooting requiring direct sensor access that wont fit into your tacacs+ model and local accounts would need to be used on the sensor.</P><P></P></BODY></HTML> Wed, 27 Jun 2007 18:38:35 GMT https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794554#M86305 marcabal 2007-06-27T18:38:35Z https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794555#M86306 <HTML><HEAD></HEAD><BODY><P>I believe tacacs+ is on the roadmap for MARS, but it is currently not supported. Only local authentication is. You don't really use MARS for day to day management either though. All MARS really does today is collect the events.</P></BODY></HTML> Thu, 28 Jun 2007 13:49:20 GMT https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794555#M86306 mhellman 2007-06-28T13:49:20Z https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794556#M86307 <HTML><HEAD></HEAD><BODY><P>The lack of tacacs+ or RADIUS support on the IPS sensors have caused me to fail many a security audit and have made me explain WHY my security devices are less secure than the hosts they protect.</P></BODY></HTML> Thu, 28 Jun 2007 16:11:07 GMT https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794556#M86307 rhermes 2007-06-28T16:11:07Z https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794557#M86308 <HTML><HEAD></HEAD><BODY><P>you may be aware of this already, but you can limit access at the network level and enable password lockouts. Still using local credentials of course;-(</P></BODY></HTML> Thu, 28 Jun 2007 16:34:37 GMT https://community.cisco.com/t5/network-security/ids-with-tacacs/m-p/794557#M86308 mhellman 2007-06-28T16:34:37Z