01-28-2013 07:25 AM - edited 03-10-2019 08:01 PM
Hi all,
I've currently got an ACS setup running TACACS+ which is doing the normal AAA things that we need it to do.
I've been searching around online and can't figure out if I can set up the ACS to run Radius and TACACS+ in parallel on the same box? I've tried adding in new clients and servers with the same IP but using Radius instead of tacacs but the ACS refuses them as the hosts already exist.
The reason we want Radius is we're testing 802.1x and need a radius server to do it.
Any help would be greatly appreciated
Thanks again
Oli
Solved! Go to Solution.
01-29-2013 03:04 AM
Hi Oli,
Are you using same device name? If you do that then don't. You can not use same device name.
Use different device name with same IP address and change to RADIUS and that should probably work.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
01-28-2013 11:46 PM
Hello Oliver,
what ACS version are you using?
If you use 4.x then you can simply create a new entry of the device with same IP but choose different protocol (TACACS+ or RADIUS) and that should work.
If you are using 5.x however, you can add both TACACS+ and RADIUS configuration under the same device.
If you go to: Network Resources -> Network Devices and AAA Clients, and then try to create a new device entry, you will find both configuration for TACACS+ and RADIUS that can be configured independently.
If you are using versoin 4.x, have TACACS+ configured and try to configure RADIUS and tells you the device is already exist, then make sure that the device is not already added as RADIUS client on same server. Use the search to search for the ip address and double check.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
01-29-2013 01:05 AM
Hi Amjad,
Im running 4.1 on an ACS 1111. Everytime i try to add the device under radius instead of tacacs+ it says the host exists so I can't add it in? I've also searched for the IP and i'm yet to find a solution.
Any other ideas? Appreciate your help
Oli
01-29-2013 03:04 AM
Hi Oli,
Are you using same device name? If you do that then don't. You can not use same device name.
Use different device name with same IP address and change to RADIUS and that should probably work.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you"
01-29-2013 04:21 AM
Hi Amjad
That'll do it!
Now to get dot1x working
Thanks again
Oli
01-29-2013 06:00 AM
Thanks Oli. Glad that I could help.
Rating useful replies is more useful than saying "Thank you"
01-04-2017 04:55 AM
Hi All,
My Question is
can we configure tacacs+ and radius (as a client) on the same router?
If yes,which protocol should it take as highest priority(tacacs+ or Radius).
Thanks in advance.
With regards,
karimulla.g
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide