cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
724
Views
0
Helpful
1
Replies

Using Cisco TACACS for CSS11501

dennismatz
Level 1
Level 1

I currently have an 11501 series CSS and am trying to have authentication use our ACS appliance. I added the config listed below but when running a "show tacacs-server" both servers are listed as dead. I am able to ping both of the ACS servers without issue.

The following is the configuration I have added to the CSS:

virtual authentication primary tacacs

tacacs-server authorize config

tacacs-server authorize non-config

tacacs-server account non-config

tacacs-server account config

tacacs-server 10.10.75.9 49 primary frequency 10

tacacs-server key ****

ip management route 10.10.75.0 255.255.255.192 10.10.253.1

Any help would be greatly appreciated.

Thanks,

-Dennis

1 Reply 1

brispin
Level 1
Level 1

Lists the external user databases that CiscoSecure ACS uses to authenticate an unknown user (if the Check the following external user databases option is selected). CiscoSecure ACS attempts authentication using the selected databases one at a time in the order specified.

Users whose accounts were created in the CiscoSecure ACS database when CiscoSecure ACS successfully authenticated them using the Unknown User Policy. When CiscoSecure ACS creates a discovered user, the user account contains only the username, a Password Authentication list setting that reflects the external user database that authenticated the user, and a "Group to which the user is assigned" list setting of Mapped By External Authenticator, which enables group mapping. Using the CiscoSecure ACS HTML interface, you can further configure the user account as needed. For example, after a discovered user is created in CiscoSecure ACS, you can assign user-specific network access restrictions to the discovered user.

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_user_guide_chapter09186a0080204cf8.html

Review Cisco Networking for a $25 gift card