vishaw jasrotia
Beginner

ACS request splitting in router

Hi,

I have one requirement.  

We have multiple routers and firewalls in our network. All of these are managed through ACS for AAA purposes. At the same time, we have tools like PI, DCNM and more for managing these components. All these NMS tools are polling the routers and firewalls to fetch data at periodic intervals.

Now the problem is that the requests from these tools are captured in ACS, and my ACS database fills up very fast and I am unable to find actual user logs in it. Is there any way to configure some parameters on the router/firewall to direct requests from NMS tools to the local database and from users to ACS by looking at the source address?

In short, for router access I want some of my hosts to be authenticated through ACS and some by the local database.

Thanks in advance. 

nspasov
Cisco Employee

You can always list the local database first and then RADIUS/TACACS+. That way, the local database will be checked first and if the user is not found then the next database (ACS) will be queried. 

If that is not an option, then you can try using rotary groups:

https://supportforums.cisco.com/discussion/11721671/how-change-ports-access

I hope this helps!

Thank you for rating helpful posts!
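
The two approaches from the reply above, sketched as an IOS router configuration. This is an added example, not configuration posted by either participant. The account name `nms-poller`, the method-list names, the ACL name, the NMS addresses (192.0.2.x documentation range), port 2222, the vty ranges and the use of TACACS+ rather than RADIUS are all assumptions, and firewall (ASA) syntax differs.

```cisco
! --- Option 1: local database first, ACS second -------------------------
aaa new-model
! Hypothetical NMS service account; set the secret per device.
username nms-poller secret <SET-A-STRONG-SECRET>
! Local is tried first; per the reply, users not found locally go to ACS.
! Any local username takes precedence over the same name defined in ACS,
! so keep the local list limited to the NMS service accounts.
aaa authentication login default local group tacacs+

! --- Option 2: rotary group on a dedicated port -------------------------
! Constructed NMS source addresses.
ip access-list standard NMS-HOSTS
 permit 192.0.2.10
 permit 192.0.2.11
!
! Named method lists: one local-only, one ACS with local fallback.
aaa authentication login NMS-LOCAL local
aaa authentication login USERS-ACS group tacacs+ local
! Keep exec authorization for the NMS lines off ACS as well.
aaa authorization exec NMS-LOCAL local
!
! SSH sessions to port 2222 are handed to the lines in rotary group 1.
ip ssh port 2222 rotary 1
!
! Interactive users: standard SSH port, authenticated by ACS.
line vty 0 4
 login authentication USERS-ACS
 transport input ssh
!
! NMS tools: rotary lines, source-restricted, local database only.
line vty 5 9
 rotary 1
 access-class NMS-HOSTS in
 login authentication NMS-LOCAL
 authorization exec NMS-LOCAL
 transport input ssh
```

With option 2 the NMS tools must be pointed at port 2222. If a default `aaa accounting` list sends records to ACS, it applies to the rotary lines too unless a separate named accounting list is assigned to them.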
