
ACS 5.4 Multiple NIC Questions

I've read that 5.4 includes support for multiple NICs (appliance and VM).  My question is what can these NICs be used for?  I know one must be a dedicated management link, and the other three support TACACS/RADIUS.  Does this mean that each NIC can have a separate IP address and thus act as a separate AAA target or are the links just used for aggregation?  

If this post answers your question or is helpful, please consider rating it and/or marking as answered.


bump, anybody know?

If this post answers your question or is helpful, please consider rating it and/or marking as answered.

Hi Chris,

If you're running the 1121 with ACS 5.4 and looking at Table 4-4, "ACS 5.4 Functional Interface Distribution Among Network Interfaces", then the answer is that you may set up any interface for tacacs/radius authentication. However, the management interface should be set up for gig0 only. Currently, it doesn't support NIC teaming/bonding. However, it sometimes creates issues with replication.

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_hw_ins.html#wp1179311

In case you are running the 3415 appliance, the only difference is that it supports redundancy, but that only applies to the Cisco Integrated Management Interface (CIMC):

Step 4. Set the NIC mode to your choice for which ports to use to access the CIMC for server management.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_hw_ins_ucs.html#wp1188250

Hope this helps.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Thanks for the reply, Jatin! I guess I'm more interested in whether the additional interfaces (not the management interface) can be used as different TACACS and RADIUS targets for authentication requests and then used as a matching condition in policy. So, if mgmt is 1.1.1.1 - can I have 1.1.2.1 on another interface and 1.1.2.2 on another interface? Then I can point tacacs/radius auth requests to either...

If this post answers your question or is helpful, please consider rating it and/or marking as answered.

Honestly, I have not tried it personally; however, it should work without any issues because ACS just needs to listen for/accept that request. It's the network access device that decides which interface is being used for the radius/tacacs protocol.

Shouldn't be an issue, as all interfaces support radius/tacacs.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin