acarlos.pinheiro
Beginner

ACS 4.2 Radius authentication and TACACS Accounting

Is it possible to configure ACS 4.2 to authenticate end users of a wireless network (with standalone APs) via RADIUS while I use the same ACS to provide command accounting for the APs via TACACS+? This question came up because when I configure the APs as "AAA Clients" under "Network Configuration" of the ACS Server (config needed for APs and end users authentication), the Authenticate method used is RADIUS (Cisco Aironet), and it prevents the TACACS server from generating command accounting reports under "Reports and Activity > TACACS+ Administration".

Any idea on how to overcome this?

Thanks,

Antonio

1 ACCEPTED SOLUTION

Accepted Solutions
Tarik Admani
Advocate

Hi,

You have to add another hostname for the AP, i.e., APr and APt, where you can use the same NAD IP address but use RADIUS for one and TACACS for the other.

Thanks,

Tarik Admani
*Please rate helpful posts*

Hello Tarik,

Thanks for replying!

I did what you suggested and it worked perfectly. Have you ever seen something similar to my scenario and the ACS config you suggested? Just to make sure I am not implementing something unusual.

Thanks,

Antonio

That is normal and is the only way to implement the results that you were seeking. When ACS 5.x rolled out, one of the features now is that you can set a TACACS and RADIUS shared secret within the same network device entry. It makes it much easier to configure and manage.

thanks,

Tarik Admani
*Please rate helpful posts*
