10-29-2013 01:29 PM - edited 02-21-2020 05:01 AM
Hi
Does anyone know if it is possible to integrate non-Cisco devices with HWTACACS with a Cisco ACS platform?
Are there any limitations or issues?
Thanks in advance.
12-27-2015 11:27 AM
Hello, yes, you can do it! The device only needs to support TACACS. Remember, ACS is AAA. I used AAA with Huawei and Juniper!
01-26-2016 01:12 PM
Hi Kevin,
Could you please help me with my config in ACS v4.2 to authenticate a non-Cisco device?
Is there any web page to download the vendor-specific attributes? Is it necessary?
01-26-2016 01:48 PM
Hello, tell me, what kind of device do you want to add?
01-26-2016 02:10 PM
Hi again, I would like to add a Huawei S9300.
By the way, I don't have vendor-specific attributes.
01-26-2016 02:33 PM
OK, I use this configuration in Huawei NE Router and Switch Quidway...
**************************************************************
hwtacacs-server template template_name
 hwtacacs-server authentication x.x.x.x (IP Address ACS Server)
 hwtacacs-server authorization x.x.x.x
 hwtacacs-server accounting x.x.x.x
 hwtacacs-server source-ip y.y.y.y (IP Address Loopback of Device)
 hwtacacs-server shared-key cipher password-tacacs
 hwtacacs-server timer response-timeout 1
 undo hwtacacs-server user-name domain-included
#
aaa
 authentication-scheme default
  authentication-mode hwtacacs local
 authorization-scheme default
  authorization-mode hwtacacs local if-authenticated
  authorization-cmd 0 hwtacacs local
  authorization-cmd 1 hwtacacs local
  authorization-cmd 15 hwtacacs local
 accounting-scheme default
  accounting-mode hwtacacs
  accounting start-fail online
 recording-scheme default (This is for record commands on ACS)
  recording-mode hwtacacs template_name
 cmd recording-scheme default
 domain default_admin
  authorization-scheme default
  hwtacacs-server template_name
#
user-interface vty 0 4
 authentication-mode aaa
****************************************************************************
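A consistency check for a configuration like the one in the post above, as an added example that is not part of the original thread: it verifies that every HWTACACS template referenced from the AAA section is actually defined, that each template sets authentication, authorization, accounting and a shared key, and that VTY lines use `authentication-mode aaa`. The sample config, its addresses and key are constructed, and the `audit` function name is hypothetical.

```python
import re

REQUIRED = ("authentication", "authorization", "accounting", "shared-key")
# Constructed sample: references an undefined template, no accounting server.
SAMPLE = """\
hwtacacs-server template template_name
 hwtacacs-server authentication 192.0.2.10
 hwtacacs-server authorization 192.0.2.10
 hwtacacs-server shared-key cipher example-key
#
aaa
 recording-scheme default
  recording-mode hwtacacs name_template
 domain default_admin
  hwtacacs-server name_template
#
user-interface vty 0 4
 authentication-mode aaa
"""

def audit(config):
    """Return a list of findings for an HWTACACS/AAA configuration."""
    templates, referenced, vty_modes = {}, set(), {}
    current = vty = None  # template / user-interface being parsed
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"hwtacacs-server template (\S+)", line):
            current = m.group(1)
            templates[current] = set()
        elif line in ("#", "aaa"):  # section boundary
            current = vty = None
        elif m := re.match(r"user-interface (vty .+)", line):
            vty, current = m.group(1), None
            vty_modes[vty] = None
        elif current and (m := re.match(r"hwtacacs-server (\S+) \S", line)):
            templates[current].add(m.group(1))  # setting inside a template
        elif vty and (m := re.match(r"authentication-mode (\S+)", line)):
            vty_modes[vty] = m.group(1)
        elif m := re.match(r"(?:hwtacacs-server|recording-mode hwtacacs) (\S+)$", line):
            referenced.add(m.group(1))  # template used by a domain or scheme
    out = [f"template '{n}' is referenced but never defined"
           for n in sorted(referenced - set(templates))]
    out += [f"template '{n}' is defined but never referenced"
            for n in sorted(set(templates) - referenced)]
    out += [f"template '{n}' has no {k} setting"
            for n, seen in templates.items() for k in REQUIRED if k not in seen]
    out += [f"user-interface {v} does not use authentication-mode aaa"
            for v, mode in vty_modes.items() if mode != "aaa"]
    return out
```
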
01-26-2016 03:09 PM
Thanks for the information, I'm gonna try this.
Do I need vendor-specific attributes?
When I try to configure ACS v4.2 with the option "Authenticate Using", I get this:
TACACS+ (CISCO IOS)
RADIUS (CISCO AIRESPACE)
RADIUS (CISCO AIRONET)
RADIUS (CISCO BBSM)
RADIUS (3COMUSR)
RADIUS (CISCO IOS/PIX 6.0)
RADIUS (CISCO VPN 3000/ASA/PIX 7.X+)
RADIUS (CISCO VPN 5000)
RADIUS (IETF)
RADIUS (ASCEND)
RADIUS (JUNIPER)
RADIUS (NORTEL)
RADIUS (Ipass)
Which one do I have to select to authenticate a Huawei switch?
Thanks so much for your help...
I appreciate it.
01-26-2016 03:27 PM
Use this: TACACS+ (CISCO IOS)
01-28-2016 01:52 PM
Hi Kevin, I used the option TACACS+ (CISCO IOS); now I can authenticate with the ACS, but only by telnet.
When I try to do it by SSH, it gives me the following message: "Write failed: Broken pipe"
I'm going to look up this message to see if I can solve this.
Thanks for everything, Kevin.
01-28-2016 02:04 PM
Hi, what terminal are you using? PuTTY or CRT?
01-28-2016 02:23 PM
I use ZOC terminal.
01-31-2016 02:33 PM
Hi David,
Can you use PuTTY as a terminal and test again? If you fail this time, please check ACS reports and activities > failed authentication and let me know.
~ Jatin
02-18-2018 05:27 AM
How do I remove a template?
12-29-2015 08:53 AM
Hello,
Yes, this can be done. If the third party understands RADIUS or TACACS, it should not be a problem. You would always need vendor-specific attributes installed on ACS as well for integration with other devices.
Hope it Helps..
-GI