AAA authentication & CiscoWorks

cbuzzard
Level 1

Hi all -

We use the configuration management piece of CW2K to download each of our device configurations. We are looking at going to AAA using SecurID for authentication. However, if we set up our VTY access to have an authentication scheme of '...group radius local-case' then our CiscoWorks download will never authenticate.

Has anyone else run into this, or am I just missing something? Do we have to accept we can't download configs on devices we AAA-enable?

Thanks!

chad

3 Replies

jleon22
Level 1

In creating the profiles for your devices in CW2K, you are able to give a TACACS account and password. You could create a TACACS account on the ACS for the CW2K to download the configs.

Thanks for the reply. In order to clarify, our initial use of this will only use RADIUS against the RSA RADIUS server; we don't have ACS yet. Looks like I'm either out of luck or have to switch my profile order to local radius instead.

thanks

Oh, I see, I think I'm starting to understand a bit more clearly. Would it be possible to configure the RSA RADIUS server to create a CW2K account with a static password that can only originate from the source IP address of the CW2K server? Those restrictions on that account can satisfy most of the security policy folks.