ACS 5.1 Primary / Standby config

muhammad feroz
Level 1

Dear all

Basic Setup -

1st problem:

In the test lab I have a Cisco ACS 1121 device, and in it I have added all network devices (routers and switches).

Now I have to authenticate with Active Directory. In Active Directory I have created users and added those users to a group.

Can you show me any link which shows step-by-step instructions on how to add the Cisco ACS to Active Directory and create policies for authentication?

I have the Cisco ACS 5.1 documentation, but there are no step-by-step instructions for my requirement.

2nd Problem:

I have another Cisco 1121 ACS. I want to configure this box as backup or standby.

Can you show me any link which shows step-by-step instructions on how to add the 2nd ACS box as secondary?

3rd Problem:

In the Cisco routers I need to add commands for authentication.

On the console I need local authentication, and for the telnet & SSH lines TACACS authentication; if the TACACS server fails, then local authentication.

For that I need some commands like

aaa new-model

aaa authenXXX

aaa authorizationXXX

Can you let me know those commands?

Sorry guys for 3 questions, but I am stuck in the middle. Can anyone help me?

2 Replies

muhammad feroz
Level 1

Hi guys

It seems no one has answered this question. Not a problem.

I have solved some of them myself.

1Q answer:

On the ACS 1121 box:

Let's assume the ACS IP address is 1.1.1.1/24, AD is 1.1.1.2/24 and the router IP address is 1.1.1.3/24.

First I did the ACS basic setup; I configured the E0 interface as 1.1.1.1/24.

To add this box to the domain, I need to give these 2 commands,

like ip name-server 1.1.1.2 and ntp server 1.1.1.2 (assume my AD is also the NTP server).

Make sure that the time is the same on the ACS and the AD domain controller.

Users and Identity Stores - External Identity Stores - Active Directory - type the domain name, Administrator and password - select Test Connection - it will join the domain.

After this you need to add a specific AD group for authentication. To do this:

You get a new tab, Directory Groups, in Users and Identity Stores - External Identity Stores - Active Directory.

In Directory Groups, with a mouse click, choose the Select option (do not add the groups manually - it did not work for me).

Select - you can see the list of groups - select it. That's it.


Create a rule

To do this, go to Access Policies - Access Services - Default Device Admin -

Identity - here you select AD (authentication to AD groups)

Authorization - create a new rule - just click AD1:external groups - select the group - leave the rest at default - it means any

Now you can log in.


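! Local account, used when the TACACS+ server does not respond
username admin pass admin
enable secret cisco123
! ACS address and the shared key configured for this device on the ACS
tacacs-server host 1.1.1.1
tacacs-server key cisco

aaa new-model
! Default list (applies to the vty lines): TACACS+ first, then local
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+

! Named list for the console: local authentication only
aaa authentication login notacacsforcosnole local
line con 0
 login authentication notacacsforcosnole

But the primary and standby config is still left.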

But I am not able to solve the 3rd question. Does anyone know how to configure the primary and standby config?
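An added example, not part of either post or of Cisco's documentation: a Python check that a saved router config implements the login policy asked for in the thread (TACACS+ with local fallback by default, local-only on the console) and flags a local fallback account stored with `password` rather than `secret`. The function names are hypothetical and the sample config is constructed from the AAA lines of the reply above.

```python
import re

# Constructed sample: the AAA-relevant commands from the reply, as one config.
SAMPLE = """\
username admin pass admin
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login notacacsforcosnole local
line con 0
 login authentication notacacsforcosnole
"""

def login_methods(config):
    """Map each 'aaa authentication login' list name to its ordered methods."""
    lists = {}
    for name, rest in re.findall(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        # 'group tacacs+' is one method; keep the keyword with its server group.
        lists[name] = re.findall(r"group \S+|\S+", rest)
    return lists

def line_bindings(config):
    """Map each 'line ...' section to the login list it uses ('default' if unset)."""
    bound, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            current = text
            bound[current] = "default"
        elif current and text.startswith("login authentication "):
            bound[current] = text.split()[2]
        elif raw and not raw[0].isspace():
            current = None  # another top-level command ends the line section
    return bound

def audit(config):
    """Return findings against the console/vty login policy from the thread."""
    lists, findings = login_methods(config), []
    if not re.search(r"^aaa new-model$", config, re.M):
        findings.append("aaa new-model is missing")
    default = lists.get("default", [])
    if default[:1] != ["group tacacs+"] or "local" not in default[1:]:
        findings.append("default login list is not TACACS+ first with local fallback")
    for line, name in line_bindings(config).items():
        if line.startswith("line con") and lists.get(name) != ["local"]:
            findings.append(f"{line}: console is not local-only")
    for user, kw in re.findall(r"^username (\S+) (\S+)", config, re.M):
        if len(kw) >= 2 and "password".startswith(kw):  # IOS accepts 'pass'
            findings.append(f"username {user}: uses 'password', not 'secret'")
    return findings
```

On the sample, the method lists pass and the only finding is the `admin` account, which matters because that account is what the router falls back to when the ACS is unreachable.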