10-06-2000 07:51 AM - edited 02-21-2020 09:56 AM
Well, I have a 3620 which is used for remote clients to dial in and to connect to our internal network. I was using the internal (local router) account database, i.e. creating an account for each user on the router. Now I wanted to use my existing NT account database for users to authenticate via dial-up. I bought Cisco Secure ACS for NT 2.4 to solve this problem. Now I need help with how to implement this. Right now I want both my local router database and NT account database to work in parallel. I need some sample configurations, or help.
Will this command on my router
aaa authentication ppp default if-need local
work?
I need help, and it is urgent.
10-06-2000 10:40 AM
Our online TAC has a number of documents that will assist you in your deployment of Cisco Secure ACS NT. Please look through:
http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Software:Cisco_Secure_ACS_NT
Should you have specific issues pertaining to your installation, please open a TAC case by clicking "Open A TAC Case" from:
12-06-2000 11:55 AM
Hi shabib,
I suppose you want to authenticate users via the local as well as the remote account database. After you configure Cisco Secure properly, it is possible to configure Cisco IOS to utilize both of the databases, but one after another.
Here are the IOS commands, in global config mode, needed to accomplish this:
aaa new-model
aaa authentication login default local radius
aaa authentication ppp default radius local
aaa authorization exec default local radius
aaa authorization network default radius
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
And to specify your remote security server, use:
radius-server host ip-addr auth-port xxx acct-port xxx non-standard
radius-server key xxxxx
Please refer to the Cisco IOS security configuration guide at www.cisco.com for a complete reference.
I think Cisco Secure is available with both the TACACS+ and RADIUS protocols. Configure your router for the appropriate protocol and don't forget to specify the correct IP address, ports and shared key for your Cisco Secure server.
If you need more help, plz don't hesitate to ask.
Best regards.
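
An added example, not part of the reply above and not Cisco code: a small Python model of how IOS walks an authentication method list such as "aaa authentication ppp default radius local". The next method is tried only when the previous one gives no answer, so a reject from the RADIUS server is final and the local database is reached only when the server is unreachable. The Result values and the per-method outcomes are constructed inputs.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered and accepted the user
    FAIL = "fail"    # method answered and rejected the user
    ERROR = "error"  # method gave no answer (e.g. server timeout)

# Authentication lines copied from the reply above.
CONFIG = """\
aaa new-model
aaa authentication login default local radius
aaa authentication ppp default radius local
"""

def parse_method_lists(config):
    """Return {(service, list_name): [methods]} for 'aaa authentication' lines."""
    lists = {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["aaa", "authentication"] and len(words) >= 5:
            lists[(words[2], words[3])] = words[4:]
    return lists

def authenticate(methods, outcomes):
    """Walk the list in order and stop at the first method that answers.

    outcomes maps method name -> Result; a missing method counts as ERROR.
    Returns (granted, methods actually consulted).
    """
    consulted = []
    for method in methods:
        consulted.append(method)
        result = outcomes.get(method, Result.ERROR)
        if result is Result.PASS:
            return True, consulted
        if result is Result.FAIL:
            return False, consulted  # a rejection is final: no fallback
        # Result.ERROR: fall through to the next method in the list
    return False, consulted          # no method answered at all

if __name__ == "__main__":
    ppp = parse_method_lists(CONFIG)[("ppp", "default")]
    scenarios = {  # constructed outcomes, not captured from a device
        "server accepts": {"radius": Result.PASS},
        "server rejects": {"radius": Result.FAIL, "local": Result.PASS},
        "server down": {"radius": Result.ERROR, "local": Result.PASS},
    }
    for label, outcomes in scenarios.items():
        print(label, authenticate(ppp, outcomes))
```

In the "server rejects" case the local account is never checked, which is why the two databases work in sequence rather than in parallel.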
12-06-2000 03:10 PM
Hey, thanks arsalan... I successfully installed and configured the Cisco Secure ACS using TACACS+, and was also able to use both databases; now I finally got rid of the local database. And this has been running well for 2 months now... Anyway, thanks for the reply... I am now planning to use this TACACS+ server to authenticate my VPN clients terminating on the PIX. If you have any experience with that, you can probably help me there...