05-13-2003 12:09 PM - edited 03-10-2019 07:18 AM
I have some apparently conflicting requirements that I would like to confirm with the more experienced ACS folks:
1. All users will authenticate via the external Win NT database
2. The users are in two classes:
- dial up users
- LAN users
3. Password aging will be enabled in the Windows domain
4. I want to create a user group with command permissions (i.e., a monitor group that cannot change a config but can reload the box)
5. I want to have the admin people log in at a non-enabled level and enter a different password to reach the enable mode.
As far as I can tell, requirement 3 can only be done with RADIUS, and 4 and 5 require TACACS+.
05-13-2003 01:28 PM
Hi,
Yes, you are correct! Requirements 1 & 2 can be fulfilled by either TACACS+ or RADIUS.
Requirement 3 requires RADIUS. Here is the link:
And of course, 4 & 5 require TACACS+.
Thanks,
Mynul
05-14-2003 01:03 PM
I have created separate AAA clients within ACS for each NAS: one supports TACACS and one supports RADIUS so that I can authenticate the PPP connections with RADIUS and the admin logins to the NAS with TACACS. So far this seems to be working well.
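The NAS side of the split described in the post above, as an added example that is not part of the original thread: PPP authentication goes to RADIUS, while admin login, enable and command authorization go to TACACS+. The server address, shared secrets and local fallback account are constructed placeholders, and it assumes ACS does not return privilege level 15 at login, so that admins start in user mode.

```cisco
! Added example, not from the thread. 192.0.2.10 stands in for the ACS
! server; keys and the fallback user are placeholders.
aaa new-model
!
! Local account used only when the ACS server cannot be reached.
username fallback-admin secret LOCAL_SECRET_PLACEHOLDER
!
! Same ACS server over both protocols. ACS holds one AAA client entry
! per protocol for this NAS, as the post describes.
tacacs-server host 192.0.2.10 key TACACS_KEY_PLACEHOLDER
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key RADIUS_KEY_PLACEHOLDER
!
! Dial-up PPP sessions authenticate and are authorized over RADIUS.
aaa authentication ppp default group radius
aaa authorization network default group radius
!
! Admin logins to the NAS authenticate over TACACS+.
aaa authentication login default group tacacs+ local
!
! Requirement 5: entering enable mode is a second authentication, so ACS
! can hold an enable password that differs from the login password.
aaa authentication enable default group tacacs+ enable
!
! Requirement 4: every exec command at levels 1 and 15 is sent to ACS,
! where the monitor group's command set permits reload and denies
! configure.
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
!
! Keep a record of privileged commands for review.
aaa accounting commands 15 default start-stop group tacacs+
```

With `if-authenticated`, an already authenticated user is still authorized when the TACACS+ server is unreachable, so the local fallback account carries full rights in that window and should be protected accordingly.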
05-14-2003 04:40 PM
Great! Thanks,
Mynul