09-20-2004 05:46 PM - edited 03-10-2019 01:48 PM
Hi all,
We are currently using ACS server 2.6 for wireless only, authentication is Radius.
I need to log the failed logins on the router through the ACS server. Can anyone help me with the configuration on the router and what is to be done on the ACS server? I do not want to mess with my current wireless configuration.
Thanks in advance.
09-21-2004 12:08 PM
It should not be difficult to configure your router so that you can log the failed logins on the ACS server. I have customers who routinely do this. This example is based on features in 12.3, and if your router is running older code then things like server-groups will have to be omitted. The essential parts of the config include these:
aaa new-model
aaa authentication login default group tacacs+ line
ip tacacs source-interface loopback0
tacacs-server host
tacacs-server key
This will send authentication requests to the ACS server and if the login attempt is refused then the ACS server should log that. This config also allows that if the tacacs server is not available then the line passwords (console or vty) would be used.
HTH
Rick
09-30-2004 09:48 AM
Make sure that you set up groups with proper privilege levels also, or anyone with a wireless username and password will be able to log into your router. You may want to consider setting your ACS up as a separate TACACS+
aaa new-model
aaa authentication login default group tacacs+/radius line
aaa authorization exec default group tacacs+/radius if-authenticated
aaa accounting exec default start-stop group tacacs+/radius
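An added example, not part of any post in this thread: a small Python audit that reads a router configuration and checks the default AAA method lists for the points raised above (logins sent to the server so failures are logged there, a line/local fallback, exec authorization, exec accounting). The sample configurations are constructed, the finding codes are hypothetical names, and each sample picks one protocol where the post writes "tacacs+/radius".

```python
import re

# Constructed sample configs for the demonstration (not taken from the thread).
LOGIN_ONLY = """aaa new-model
aaa authentication login default group tacacs+ line
"""
WITH_AUTHZ = """aaa new-model
aaa authentication login default group radius line
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
"""
NO_FALLBACK = """aaa new-model
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
"""

AAA_RE = re.compile(
    r"^aaa\s+(authentication login|authorization exec|accounting exec)\s+(\S+)\s+(.+)$")
LOCAL_METHODS = {"line", "local", "local-case", "enable"}

def parse_aaa(config):
    """Map (statement, list name) -> method tokens for the AAA lines checked here."""
    found = {}
    for raw in config.splitlines():
        m = AAA_RE.match(raw.strip())
        if m:
            found[(m.group(1), m.group(2))] = m.group(3).split()
    return found

def audit(config):
    """Return finding codes (hypothetical names) for the default method lists."""
    lines = [l.strip() for l in config.splitlines()]
    aaa = parse_aaa(config)
    findings = []
    if "aaa new-model" not in lines:
        findings.append("AAA_DISABLED")
    login = aaa.get(("authentication login", "default"), [])
    if "group" not in login:
        return findings + ["LOGIN_NOT_SENT_TO_SERVER"]  # server never sees failed logins
    if not LOCAL_METHODS & set(login):
        findings.append("NO_LOCAL_FALLBACK")      # lockout if the server is unreachable
    if ("authorization exec", "default") not in aaa:
        findings.append("NO_EXEC_AUTHORIZATION")  # any accepted account reaches the CLI
    if ("accounting exec", "default") not in aaa:
        findings.append("NO_EXEC_ACCOUNTING")
    return findings
```

Calling `audit()` on a saved copy of the running configuration returns an empty list when all four points are covered.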