cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1538
Views
0
Helpful
3
Replies

ACS 4.2 Radius authentication and TACACS Accounting

Is it possible to configure ACS 4.2 to authenticate end users of a wireless network (with standalone APs) via RADIUS whereas I use the same ACS to provide command accounting for the APs via TACACS+? This question came out because when I configure the APs as "AAA Clients" under "Network Configuration" of ACS Server (config needed for APs and end users authentication), the Authenticate method used is RADIUS (Cisco Aironet) and it prevents the TACACS server from generating command accounting Reports under "Reports and Activity > TACACS+ Administration"

Any idea on how to overcome this?

Thanks,

Antonio

1 Accepted Solution

Accepted Solutions

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

You have to add another hostname for the AP...i.e APr and APt, where you can use the same NAD ip address but use radius for one and tacacs for the other.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

3 Replies 3

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

You have to add another hostname for the AP...i.e APr and APt, where you can use the same NAD ip address but use radius for one and tacacs for the other.

Thanks,

Tarik Admani
*Please rate helpful posts*

Hello Tarik,

Thanks for replying!

I did what you suggested and it worked perfectly. Have you ever seen something similar to my scenario and the ACS config you suggested? Just to make sure I am not implementing something unusual.

Thanks,

Antonio

That is normal and is the only way to implement that results that you were seeking. When ACS 5.x rolled out, one of the features now is that you can set a tacacs and radius shared secret within the same network device entry. It makes it much easier to configure and manage.

thanks,

Tarik Admani
*Please rate helpful posts*