RADIUS and TACACS+ Authentication

hwknight53
Level 1

We are authenticating our systems through dot1x. I also need to be able to authenticate our Cisco admins using the same ACS server. I see how to configure a switch to do both TACACS+ and RADIUS, but I don't see how to set up ACS to allow a switch to use both TACACS+ and RADIUS.

Can someone give me a pointer?

Thanks

1 Accepted Solution


Jagdeep Gambhir
Level 10

You need to set up both authentication methods on the switch.

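! Admin logins: TACACS+ first, local accounts as fallback
aaa authentication login default group tacacs+ local
! 802.1X port authentication: RADIUS
aaa authentication dot1x default group radius
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group radius
! Same ACS server (2.2.2.2) for both protocols
radius-server host 2.2.2.2 key cisco
tacacs-server host 2.2.2.2 key cisco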

On ACS you need to add the switch twice.

ACS--->Network Configuration--->Add AAA Client

Host name switch1

IP : 3.3.3.3

Authen using : Radius IETF

Add another switch

Host name switch2

IP : 3.3.3.3

Authen using : Tacacs+

Regards,

~JG

Do rate helpful posts
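
A small lint for the switch-side lines in the answer above, added here as an example (it is not part of the original post and not Cisco code). It parses only the legacy global `radius-server host` / `tacacs-server host` form used in the post; the function name `audit_aaa`, the finding texts and the one-secret-per-protocol policy are this example's own choices.

```python
# Constructed sample: the switch-side lines from the answer above.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group radius
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group radius
radius-server host 2.2.2.2 key cisco
tacacs-server host 2.2.2.2 key cisco
"""

# Built-in method-list groups and the legacy global command that defines their servers.
BUILTIN = {"radius": "radius-server", "tacacs+": "tacacs-server"}


def audit_aaa(config):
    """Return a list of findings (strings) for the AAA lines of an IOS config."""
    findings, servers, named, lists = [], {}, set(), []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:3] == ["aaa", "group", "server"] and len(tok) >= 5:
            named.add(tok[4])                      # aaa group server <type> <name>
        elif len(tok) >= 3 and tok[0] in BUILTIN.values() and tok[1] == "host":
            key = tok[tok.index("key") + 1] if "key" in tok[:-1] else None
            servers.setdefault(tok[0], {})[tok[2]] = key
        elif tok[:1] == ["aaa"] and len(tok) > 4 and tok[1] in ("authentication", "authorization"):
            lists.append((" ".join(tok[1:4]), tok[4:]))
    for name, methods in lists:
        groups = [methods[i + 1] for i, m in enumerate(methods[:-1]) if m == "group"]
        for g in groups:
            if g in BUILTIN and BUILTIN[g] not in servers:
                findings.append(f"{name}: group {g} has no {BUILTIN[g]} host")
            elif g not in BUILTIN and g not in named:
                findings.append(f"{name}: server group {g} is not defined")
        if name.startswith("authentication login") and groups and "local" not in methods:
            findings.append(f"{name}: no local fallback when the server is unreachable")
    # Policy check (this example's choice): each protocol gets its own shared secret.
    radius_keys = set(servers.get("radius-server", {}).values()) - {None}
    for host, key in servers.get("tacacs-server", {}).items():
        if key in radius_keys:
            findings.append(f"tacacs-server {host}: shared secret is also used for RADIUS")
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the only finding is the shared secret reused across both protocols; the method lists themselves resolve to defined servers and the login list keeps its `local` fallback.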


Thanks. I started to try that, but I didn't think that it would let me use two different names. That works great.

Thanks,

Wes