ACS request splitting in router

07-14-2016 02:25 AM - edited 03-10-2019 11:55 PM
Hi,
I have one requirement.
We have multiple routers and firewalls in our network. All of these are managed through ACS for AAA purposes. At the same time we have tools like PI, DCNM and more for managing these components. All these NMS tools poll the routers and firewalls to fetch data at periodic intervals.
Now the problem is that the requests from these tools are captured in ACS, my ACS database fills up very fast, and I am unable to find actual users' logs in it. Is there any way to configure some parameters on the router/firewall to direct requests from NMS tools to the local database and requests from users to ACS by looking at the source address?
In short, for router access I want some of my hosts to be authenticated through ACS and some by the local database.
Thanks in advance.
07-18-2016 09:09 PM
You can always list the local database first and then RADIUS/TACACS+. That way, the local database will be checked first and if the user is not found then the next database (ACS) will be queried.
If that is not an option, then you can try using rotary groups:
https://supportforums.cisco.com/discussion/11721671/how-change-ports-access
I hope this helps!
Thank you for rating helpful posts!
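
The rotary-group approach mentioned in the reply, sketched as a Cisco IOS configuration; this is an added example and not part of the original posts. The method-list names, ACL name, username, addresses and port 2022 are constructed placeholders, and it assumes the NMS tools log in over SSH and can be pointed at the alternate port.

```cisco
! Constructed example: names, addresses and the port number are placeholders.
aaa new-model
!
! Interactive users: ACS (TACACS+) first, local only if ACS does not respond
aaa authentication login ADMINS group tacacs+ local
!
! NMS pollers: local database only, so these logins never reach ACS
aaa authentication login NMS-LOCAL local
aaa authorization exec NMS-LOCAL local
!
! Local account used by the NMS tools (replace the placeholder secret)
username nms-poller privilege 15 secret <REPLACE-ME>
!
! Only the NMS servers may use the lines reserved for them
ip access-list standard NMS-HOSTS
 permit 192.0.2.10
 permit 192.0.2.11
!
! SSH connections to the alternate port are handed to rotary group 1
ip ssh port 2022 rotary 1
!
! Lines for human administrators, authenticated through ACS
line vty 0 4
 transport input ssh
 login authentication ADMINS
!
! Lines in rotary group 1 for the NMS tools, authenticated locally
line vty 5 9
 rotary 1
 transport input ssh
 access-class NMS-HOSTS in
 login authentication NMS-LOCAL
 authorization exec NMS-LOCAL
```

Any `aaa accounting` or `aaa authorization` default lists still apply to vty 5 9 unless a named list is applied there as well, so check those before expecting the ACS logs to quieten down.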
