Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1648
Views
3
Helpful
4
Replies

help£¡

zhang-hao
Level 1
Level 1

‎07-07-2003 01:41 AM - edited ‎03-10-2019 07:23 AM

i need add some branch routers as clients to the acs server. so when choosing the ip addresses of these routers, which interface's ip address should i choose?

if i use these routers' loopback interface ip address, should i add any other command beside the basic aaa configurations? I mean to specify the loop back address as the source to send related aaa info to the acs server?

Thanks in advance!

Labels:
0 Helpful
4 Replies 4

ywadhavk
Cisco Employee
Cisco Employee

‎07-07-2003 07:35 AM

Hi,

You should try using that interface address that is closest to the ACS server's segment. But you could source the Radius/Tacacs from other interfaces such as the loopback as well.

The command to use is

ip radius source-interface

or in case of tacacs,

ip tacacs source-interface

Thanks,

yatin

0 Helpful

zhang-hao
Level 1
Level 1
In response to ywadhavk

‎07-07-2003 05:33 PM

Hi! Thanks a lot for your help! And could you tell me any links to learn these commands?

And more help is needed, if each branch router has a isdn backup for the main ddn circuit to the center router, in order to authenticate the user of isdn in case the failure of main circuit, how can i add users in the acs server? I mean if it is same as i do when i add users for telnet and enable authentication.

The following command for isdn authentication I configured on the center router:

aaa new-model

aa authentication ppp default group tacacs+

tacacs-server host x.x.x.x key xxxxxxx

And users for isdn have been defined in the branch routers.

So will the above configuration enough for the isdn authentication to take effect?

Thanks in advance!

0 Helpful

ywadhavk
Cisco Employee
Cisco Employee
In response to zhang-hao

‎07-07-2003 05:49 PM

Hi,

Here's the link for the command details;

ip radius source

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fssprocr/srfrad.htm#1039140

ip tacacs source

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fssprocr/srftacs.htm#1017796

For any command lookup, please use the Command Lookup Tool at

http://www.cisco.com/cgi-bin/Support/Cmdlookup/home.pl

You have be logged into CCO to be able to use this tool.

As for the users for ISDN, the above config is correct for authentication i.e. these users will use the service ppp.

If the users are also going to use enable or telnet to the router, then you will need to have " aaa authentication login ......." command

Please refer to the url below for more info;

RADIUS Configuration Examples

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdrad.htm#1001308

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/csu23ug/nasconra.htm

Configuring TACACS+

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdtplus.htm

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/csu23ug/nasconfg.htm

Hope this helps,

Yatin

zhang-hao
Level 1
Level 1
In response to ywadhavk

‎07-07-2003 06:57 PM

Hi, thanks for the quick response. It's of much help. Thanks again.

0 Helpful
Customers Also Viewed These Support Documents