02-04-2008 10:36 AM - edited 03-10-2019 03:38 PM
Hi,
Can I put a host (an ASA, for example) twice in the ACS server? One for TACACS+ to grant exec access to administrators and one for RADIUS to authenticate the remote users.
I don't want remote users to be able to get exec mode.
Or how should I configure this?
02-04-2008 07:26 PM
Yes, you can do it. In the ACS network configuration, add:
ASA ---> 10.1.1.1 ---> Auth using TACACS+
ASA1 ---> 10.1.1.1 ---> Auth using RADIUS
The host name can't be the same.
Regards,
~JG
Do rate helpful posts
02-04-2008 11:18 AM
CiscoPix# sh run | inc aaa
aaa-server ABC protocol tacacs+
aaa-server ABC (outside) host 192.168.1.1
aaa-server TEST protocol tacacs+
aaa-server TEST (outside) host 192.168.1.1
aaa-server funk protocol radius
aaa-server funk (outside) host 192.168.1.1
aaa authentication enable console ABC LOCAL
aaa authentication ssh console ABC LOCAL
aaa authentication http console LOCAL
aaa accounting command ABC
aaa accounting ssh console ABC
aaa accounting telnet console ABC
aaa accounting serial console ABC
aaa accounting enable console ABC
It's all in the tag (i.e. ABC, TEST, funk)
CCIE Security
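To check the "it's all in the tag" point on a real device, here is an added example (not part of the original posts) that parses `sh run | inc aaa` output and reports which server-group tags the `aaa authentication/authorization/accounting` lines reference, and whether any of them is not TACACS+. The helper name `audit_aaa` and the rule that device access should only use `tacacs+` groups are assumptions taken from the question; the sample input is the output quoted above.

```python
import re
from collections import defaultdict

# Constructed input: the `sh run | inc aaa` lines quoted in the post above.
SAMPLE = """\
aaa-server ABC protocol tacacs+
aaa-server ABC (outside) host 192.168.1.1
aaa-server TEST protocol tacacs+
aaa-server TEST (outside) host 192.168.1.1
aaa-server funk protocol radius
aaa-server funk (outside) host 192.168.1.1
aaa authentication enable console ABC LOCAL
aaa authentication ssh console ABC LOCAL
aaa authentication http console LOCAL
aaa accounting command ABC
aaa accounting ssh console ABC
aaa accounting telnet console ABC
aaa accounting serial console ABC
aaa accounting enable console ABC
"""

PROTO_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)$")
BIND_RE = re.compile(r"^aaa (?:authentication|authorization|accounting) .+$")

def audit_aaa(config, admin_protocol="tacacs+"):
    """Hypothetical helper: map server-group tags to the aaa lines using them."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    protocol, tags_by_host = {}, defaultdict(set)
    for line in lines:  # pass 1: group definitions (tag -> protocol, host -> tags)
        if m := PROTO_RE.match(line):
            protocol[m.group(1)] = m.group(2).lower()
        elif m := HOST_RE.match(line):
            tags_by_host[m.group(2)].add(m.group(1))
    bound, violations = set(), []
    for line in lines:  # pass 2: which tags the aaa lines reference
        if not BIND_RE.match(line):
            continue
        for tag in line.split()[2:]:
            if tag in protocol:
                bound.add(tag)
                if protocol[tag] != admin_protocol:
                    violations.append((line, tag, protocol[tag]))
    return {"bound": bound, "unbound": set(protocol) - bound,
            "violations": violations, "tags_by_host": dict(tags_by_host)}

if __name__ == "__main__":
    print(audit_aaa(SAMPLE))
```

On the quoted output, the same server address sits under three tags, only `ABC` is referenced by the console lines, and the RADIUS group `funk` is not referenced by any of them.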