07-07-2003 01:41 AM - edited 03-10-2019 07:23 AM
i need add some branch routers as clients to the acs server. so when choosing the ip addresses of these routers, which interface's ip address should i choose?
if i use these routers' loopback interface ip address, should i add any other command beside the basic aaa configurations? I mean to specify the loop back address as the source to send related aaa info to the acs server?
Thanks in advance!
07-07-2003 07:35 AM
Hi,
You should try using that interface address that is closest to the ACS server's segment. But you could source the Radius/Tacacs from other interfaces such as the loopback as well.
The command to use is
ip radius source-interface
or in case of tacacs,
ip tacacs source-interface
Thanks,
yatin
07-07-2003 05:33 PM
Hi! Thanks a lot for your help! And could you tell me any links to learn these commands?
And more help is needed, if each branch router has a isdn backup for the main ddn circuit to the center router, in order to authenticate the user of isdn in case the failure of main circuit, how can i add users in the acs server? I mean if it is same as i do when i add users for telnet and enable authentication.
The following command for isdn authentication I configured on the center router:
aaa new-model
aa authentication ppp default group tacacs+
tacacs-server host x.x.x.x key xxxxxxx
And users for isdn have been defined in the branch routers.
So will the above configuration enough for the isdn authentication to take effect?
Thanks in advance!
07-07-2003 05:49 PM
Hi,
Here's the link for the command details;
ip radius source
ip tacacs source
For any command lookup, please use the Command Lookup Tool at
http://www.cisco.com/cgi-bin/Support/Cmdlookup/home.pl
You have be logged into CCO to be able to use this tool.
As for the users for ISDN, the above config is correct for authentication i.e. these users will use the service ppp.
If the users are also going to use enable or telnet to the router, then you will need to have " aaa authentication login ......." command
Please refer to the url below for more info;
RADIUS Configuration Examples
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/csu23ug/nasconra.htm
Configuring TACACS+
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdtplus.htm
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/csu23ug/nasconfg.htm
Hope this helps,
Yatin
07-07-2003 06:57 PM
Hi, thanks for the quick response. It's of much help. Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide