01-26-2011 01:22 PM - edited 03-10-2019 05:45 PM
Hello everybody,
I use Active Directory as external identity store for ACS. In ACS 5.2 Web interface navigating to Access Policies > Access Services and going to the Allowed Protocols tab, the only Protocol that works is PAP/ASCII. In the documentation of ACS it is described as the least secure authentication method for ACS.
I would like to use EAP-FAST. What command do i have to enter on the aaa client to work with? The Router has IOS version 12.4.
Here is its aaa config:
aaa new-model
!
!
aaa group server tacacs+ ACSTEST1
server 1.1.1.1
server 2.2.2.2
!
aaa authentication banner ^CCCCCC*** TACACS+ Server not available, use local defC
aaa authentication fail-message ^C
aaa authentication login default group tacacs+
aaa authentication login VTY group tacacs+ local
aaa authentication login CONSOLE group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
aaa session-id common
I did not find any Help in the Cisco IOS Security Command Reference nor in the Internet.
Thank you for your help.
Kind regards, Andy
Solved! Go to Solution.
01-28-2011 01:48 AM
Hi,
TACACS+ authentication only supports PAP, so it is not possible to use EAP-FAST.
Please keep in mind that EAP methods are used with RADIUS, not with TACACS+.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
01-28-2011 01:48 AM
Hi,
TACACS+ authentication only supports PAP, so it is not possible to use EAP-FAST.
Please keep in mind that EAP methods are used with RADIUS, not with TACACS+.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
01-28-2011 02:22 AM
Hi Tiago,
Thank you for your answer!
MTFBWY
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide