Configuring Cisco 1710 for AAA w/ CSACS

bwgray
Level 1

Hi Everyone,

I am having a bit of a time here working through the Cisco press book trying to configure my 1710 router (IOS 12.2) to connect with a tacacs+ server.

The server is CSACS v3.3 running on Win2k3. I think I have that configured correctly.

I am trying the following commands from the Secur Cisco Press Book:

aaa new-model
aaa authentication ppp newlist tacacs+ local
tacacs-server host 20.0.0.2 key labkey
interface ethernet0
ppp authentication default    <--- THIS IS THE LINE NOT ACCEPTED

For some reason, as soon as I go into interface mode, ppp is unrecognized. I am assuming I don't understand something correctly here, or I can only put ppp authentication on serial lines?

Thanks Everyone,

BWG

2 Replies

nchopra79
Level 1

Hi,

You've got two ways to accomplish the task:

First Configuration:

--------------------

aaa new-model

tacacs-server host 20.0.0.2 key labkey

aaa authentication login default group tacacs+ local

--------------------

The above configuration uses the keyword "default" in the aaa authentication command line.

The "default" keyword automatically enables TACACS+/RADIUS authentication on every interface of the router, so there is no need to do any configuration on the interfaces.

Second Configuration: (the method you are trying to use)

----------------------

aaa new-model

tacacs-server host 20.0.0.2 key labkey

aaa authentication login newlist group tacacs+ local

-----------------------

Under this configuration, I've replaced the keyword "default" with "newlist"; this is known as a "method list".

Now TACACS+ authentication needs to be enabled manually on every interface, or only on those interfaces on which you would like it.

The command used to enable the method list on an interface is:

Router(config-if)#login authentication newlist

If you want to authenticate users telnetting into your router, then configure this command under the VTY 0 4 lines, not under Ethernet0; if you want to authenticate dial-in users, then you need to configure this command under the line.

If you are using a specific authentication protocol, then you can configure "ppp authentication pap/chap/MSCHAPV2" under the Ethernet interface, but make sure the same protocol is also being used by the ACS server.

ALL THE BEST !!
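A complete version of the second configuration above, assembled here as an added example (editorial, not nchopra79's text or the Cisco Press book's). It keeps the thread's server address 20.0.0.2 and key labkey; the interface name Serial0, the username admin and the `secret` keyword (which needs a 12.2T or later image, older 12.2 images only accept `password`) are assumptions for a 1710 fitted with a serial WIC. Two points worth keeping straight: a `login authentication` list is applied to lines (con, aux, vty), while a `ppp authentication` list is applied to an interface running `encapsulation ppp`, which is why the `ppp` keyword never appears under Ethernet0. And the `local` method in `group tacacs+ local` is consulted only when no TACACS+ server answers, not when the server rejects the credentials, so a local account must exist before the list is activated or a server outage locks you out of the router.

```text
! Added example configuration (not from the thread). 20.0.0.2 and labkey
! come from the original post; Serial0 and the admin account are assumed.
service password-encryption
aaa new-model
!
! Local fallback account. Must exist before the login lists below are
! active, otherwise a TACACS+ outage leaves no way in.
username admin privilege 15 secret <password>
!
tacacs-server host 20.0.0.2 key labkey
!
! "default" lists are applied everywhere automatically. The named list
! "newlist" does nothing until an interface references it.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authentication ppp newlist group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Management access is authenticated on lines, not on interfaces.
line con 0
 login authentication default
line vty 0 4
 login authentication default
!
! PPP authentication is an interface command, but only on an interface
! that runs PPP encapsulation. Ethernet0 cannot, so the ppp keyword is
! not offered there; a serial, dialer or virtual-template interface is.
interface Serial0
 encapsulation ppp
 ppp authentication chap newlist
```

Note that `service password-encryption` only obscures the tacacs-server key with the reversible type 7 encoding, so the key is effectively plaintext to anyone who can read `show running-config`; treat configuration backups accordingly and rotate the key if they leak. Verifying the server exchange is done with `debug tacacs` and `debug aaa authentication` while logging in over a vty.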

Thanks nchopra,

I must say that I'm not too impressed just yet on the Cisco Press book that covers this; it runs through it pretty quickly.

With your explanation, I have a much clearer understanding of what I was setting up; not to mention it works just fine now. :)

Thanks Again,

BWG