Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1421
Views
0
Helpful
5
Replies

ACS and Tacacs on switches

Network Pro
Level 1
Level 1

‎05-26-2011 07:05 AM - edited ‎03-10-2019 06:06 PM

Hi all,

Inorder for tacacs+ to work on switches, do we need to create an entry for these switches on the ACS server...because in my previous place of wor, my collegue configured tacacs without entering any on the acs server..is this possible?


Thanks

Labels:
0 Helpful
5 Replies 5

srirmoha
Level 1
Level 1

‎05-26-2011 07:17 AM

Hi There,

As far as the ACS 5.x is concerned, it's not possible to achieve this

without having the switch defined as a AAA client on the ACS.

You need to define this under Network Resources >> Network Devices and AAA

Clients. And once you add this here, mention the TACACS shared secret you

intend to use on the switch config for this TACACS server.

0 Helpful

Network Pro
Level 1
Level 1
In response to srirmoha

‎05-26-2011 07:43 AM

thanks for the reply...thats what i thought as well but definetly there was no indivigual entry of each switch ip address...any other thoughts on this?

0 Helpful

andamani
Cisco Employee
Cisco Employee
In response to Network Pro

‎05-26-2011 09:06 AM

Hi,

You will need to define a tacacs server on the switch.

On the ACS server you will need to define the Switch as a AAA client. This will make the ACS server listen to the requests coming from this Switch. Else the ACS server will drop the request giving a failure reason as "Unknown NAS"

Hope this helps.

Regards,

Anisha

P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.

0 Helpful

srirmoha
Level 1
Level 1
In response to andamani

‎05-26-2011 10:15 AM

Hi,

Well you can either add one single switch as a host or the entire subnet under AAA clients on the ACS.


Probably your colleague had the entire subnet defined on the ACS, hence he needed not add each host one by one. They must have been automatically included in the subnet range.

I mean instead of adding a switch as 192.168.1.1 255.255.255.255 as a AAA client, he must have added it as 192.168.1.0 255.255.255.0. So all the hosts in this networks are added effectivel as AAA clients on the ACS 5.x.

Hope this helps.. and yes please mark this post as answered if you feel your query is resolved. Do rate helpful posts. :-)

0 Helpful

Network Pro
Level 1
Level 1
In response to srirmoha

‎05-27-2011 02:52 AM

Hi,

Thanks for all your replies. I figured out how this is done. There is an unassigned entry on the ACS where you edit it and just enter the key without any ipaddress or host name..if there is no unassigned then all you do is create another entry for AAA client and just enter the key without any ip address or hostname. on applying this, you will find this entry to change as others which means for all switches in the range

Thakns

0 Helpful
Customers Also Viewed These Support Documents