
ACS v3.1 working as RADIUS and TACACS+

I have an ACS with two aaa-servers: one RADIUS and one TACACS+. I have defined two groups of users, one for RADIUS and another for TACACS+. The problem I have is that I can use "radius" users in TACACS+ and "tacacs" users in RADIUS, and I don't know how to separate them. What I want is to use the group radius when the aaa-client is RADIUS and the group tacacs when the aaa-client is TACACS+.

Regards.

1 Reply

tepatel
Cisco Employee

Once the users are entered in the database of ACS, there is no way to separate them based on RADIUS or TACACS protocol.

However, you can have one user always authenticated using RADIUS and not using TACACS by using "NAS Filtering" or NAR. NAS filtering can be used to limit authentication of a user on a per-NAS basis. So with that, the user will be authenticated from a RADIUS-speaking NAS only and not via a TACACS-speaking NAS (if it's configured that way).

In other words, you can dedicate certain users to be authenticated by certain NAS only.

Here is the way to do that:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs31/acsuser/u.htm#94180