02-01-2011 08:59 AM - edited 03-10-2019 05:46 PM
Dear all
Basic Setup -
1st problem:
In the test lab I have a Cisco ACS 1121 device, and in it I have added all network devices - routers and switches.
Now I have to authenticate with Active Directory. In Active Directory I have created users and added those users to a group.
Can you show me any link which shows step-by-step instructions on how to add Cisco ACS to Active Directory and create policies for authentication?
I have the Cisco ACS 5.1 documentation, but there are no step-by-step instructions for my requirement.
2nd Problem:
I have another Cisco 1121 ACS. I want to configure this box as backup or standby.
Can you show me any link which shows step-by-step instructions on how to add the 2nd ACS box as secondary?
3rd Problem:
On the Cisco routers I need to add commands for authentication.
On the console I need local authentication, and for the telnet & ssh lines TACACS authentication; if the TACACS server fails, then local authentication.
For that I need some commands like
aaa new-model
aaa authenXXX
aaa authorizationXXX
Can you let me know those commands?
Sorry guys for 3 questions, but I am stuck in the middle. Can anyone help me?
02-07-2011 04:43 AM
Hi guys
It seems no one has answered this question. Not a problem.
I have solved some of them myself.
1Q answer:
On the ACS 1121 box
Let's assume that the ACS IP address is 1.1.1.1/24, AD is 1.1.1.2/24 and the router IP address is 1.1.1.3/24.
First I did the ACS basic setup; I configured the E0 interface as 1.1.1.1/24.
To add this box to the domain, I need to give these 2 commands,
like ip name-server 1.1.1.2 , ntp server 1.1.1.2 (assume my AD is also the NTP server)
Make sure that the time is the same on the ACS and the AD domain controller.
Users and identity stores - external identity stores - active directory - type the domain name, Administrator and password - select test connection - it will join the domain.
After this you need to add a specific AD group for authentication. To do this:
You get a new tab, directory groups, in users and identity stores - external identity stores - active directory.
In the directory groups - with a mouse click - click the select option (do not add the groups manually - it did not work for me)
select - you can see the list of groups - select it. That's it.
Create a rule
To do this, go to Access-policies - Access services - Default Device admin -
identity - here you select AD (authentication to AD groups)
authorization - create a new rule - just click AD1:external groups - select the group - leave all the rest at default - it means any
Now you can log in.
02-07-2011 04:45 AM
username admin pass admin
enable secret cisco123
tacacs-server host 1.1.1.1
tacacs-server key cisco
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa authentication login notacacsforcosnole local
line con 0
 login authentication notacacsforcosnole
But still the primary and standby config is left.
But I am not able to solve the 3rd question. Does anyone know how to configure the primary and standby config?
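Added example, not part of the original posts: a small Python check that reads a router configuration like the one posted above and reports which login method list each line uses and whether it ends in a local fallback. The vty lines in the sample and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the AAA lines posted above, plus vty lines that the
# post does not show (assumed here to inherit the "default" list).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authentication login notacacsforcosnole local
line con 0
 login authentication notacacsforcosnole
line vty 0 4
 transport input ssh
"""

def login_method_lists(config):
    """Map each 'aaa authentication login' list name to its ordered methods."""
    lists = {}
    for m in re.finditer(r"^\s*aaa authentication login (\S+) (.+)$", config, re.M):
        # 'group tacacs+' counts as one method, 'local' as another.
        lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    return lists

def line_bindings(config):
    """Map each 'line ...' block to its login list ('default' if none is set)."""
    bindings, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            current = text[5:]
            bindings[current] = "default"
        elif current and text.startswith("login authentication "):
            bindings[current] = text.split()[2]
    return bindings

def classify(methods):
    if not methods:
        return "list not defined"
    if methods == ["local"]:
        return "local only"
    if methods[0].startswith("group ") and "local" in methods[1:]:
        return "server first, local fallback"
    return "no local fallback"

def audit(config):
    """Return {line: (list name, verdict)} for every line block in the config."""
    lists = login_method_lists(config)
    return {line: (name, classify(lists.get(name)))
            for line, name in line_bindings(config).items()}

if __name__ == "__main__":
    for line, (name, verdict) in audit(SAMPLE_CONFIG).items():
        print(f"line {line}: list {name!r} -> {verdict}")
```

On IOS the next method in a list is tried only when the previous one returns an error (for example, the TACACS+ server does not respond), not when the server rejects the credentials.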