
AAA / Adding additional ACS server

Hello Guys,

We need to set up AAA as per the attached proposed plan. We have been using the current setup for a very long time for both our office devices and data centre devices. Now we want to add one more ACS apart from the existing two and need to point all the data centre devices to this new ACS server.

Is it possible to configure multiple groups for multiple devices and separate ACS servers for defined groups? If possible, please let me know the commands, and if not, please let me know the alternate ways.

Hope you could understand my requirements and current setup. PFA.

Many Thanks in advance !!

Best Regards,

Anurag.K

Accepted Solutions

Jatin Katyal
Cisco Employee

Hi Anurag,

You can add the new ACS/tacacs server and have that server at the top of the sequence.

```
! New ACS server listed first, followed by the two existing servers
tacacs-server host 10.16.2.10
tacacs-server host 10.16.2.8
tacacs-server host 10.16.2.9
tacacs-server key xxxxx
```

If you really want to create a separate group for the new ACS/tacacs server, then you need to have the below listed configuration.

```
! Existing ACS servers
aaa group server tacacs+ GROUP1
 server 10.16.2.8
 server 10.16.2.9
! New ACS server
aaa group server tacacs+ GROUP2
 server 10.16.2.10
! Each server group in the method list takes its own "group" keyword
aaa authentication login default group GROUP1 group GROUP2 line
```

Let me know if you have any doubts.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
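
An added example (not part of the original reply, and not Cisco's code): a small Python check that resolves which TACACS+ servers a device's login method list will contact, and in what order, using the addresses and group names from the answer above. The data-centre method list with GROUP2 first is an assumption about how the new server would be preferred on those devices, and both sample configs are constructed.

```python
import re

# Constructed sample configs. Addresses and group names come from the thread;
# the data-centre ordering (GROUP2 first) is an assumption for illustration.
# IOS tries a later method only when the earlier one gives no response.
GROUPS = """\
aaa group server tacacs+ GROUP1
 server 10.16.2.8
 server 10.16.2.9
aaa group server tacacs+ GROUP2
 server 10.16.2.10
"""
OFFICE = GROUPS + "aaa authentication login default group GROUP1 group GROUP2 line"
DATACENTRE = GROUPS + "aaa authentication login default group GROUP2 group GROUP1 line"
NON_SERVER = {"line", "local", "local-case", "enable", "none"}  # no server contacted

def parse(config, list_name="default"):
    """Collect global hosts, server groups and the named login method list."""
    hosts, groups, methods, current = [], {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if current is not None and (m := re.match(r"server (\S+)", line)):
            current.append(m.group(1))
            continue
        current = None  # any other line leaves the server-group sub-mode
        if m := re.match(r"tacacs-server host (\S+)", line):
            hosts.append(m.group(1))
        elif m := re.match(r"aaa group server tacacs\+ (\S+)", line):
            current = groups.setdefault(m.group(1), [])
        elif m := re.match(rf"aaa authentication login {re.escape(list_name)} (.+)", line):
            toks = iter(m.group(1).split())
            # "group NAME" is a two-token method; the others are single tokens
            methods = [(t, next(toks, None)) if t == "group" else (t, None) for t in toks]
    return hosts, groups, methods

def server_order(config, list_name="default"):
    """TACACS+ servers in the order the login method list will try them."""
    hosts, groups, methods = parse(config, list_name)
    order = []
    for kind, name in methods:
        if kind != "group":
            if kind not in NON_SERVER:
                raise ValueError(f"unknown method {kind!r} (missing 'group' keyword?)")
            continue
        members = hosts if name == "tacacs+" else groups.get(name)
        if members is None:
            raise ValueError(f"method list uses undefined group {name!r}")
        order += [s for s in members if s not in order]
    return order
```

Run `server_order()` against each device's saved configuration to confirm that data-centre devices reach 10.16.2.10 first before relying on the new server for logins.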


3 Replies

Jatin Katyal
Cisco Employee

You may also refer to the below listed document for more info:

http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srftacs.html#wp1028783

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Thanks for your detailed revert mate!!!

However, I have one more concern regarding accounting. If I authenticate data centre devices with ACS 3 (newly added), from where can I get the accounting details? Would it be on the same server, or can I access it from the other ACS servers (1 & 2) as well?

If accounting information is only accessible from ACS server 3 for data centre devices, is there any way to access the same from ACS 1 & 2? If yes, please share the relevant configurations for the same.

Many thanks in advance.

Best Regards,

Anurag.K