Configuring Cisco ACS server and routers

mulhollandm
Level 1

Folks,

I'm currently setting up our ACS server and authenticating connections to my routers.

Is there a plain-speaking guide to configuring the routers to use the ACS servers?

Also, do I need to set up a local account on the router in case the server fails?

Thanks to anyone taking the time to reply.

2 Replies

thisisshanky
Level 11

Yes, create a local account, in case connection to the server fails.

Here is a guide.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

The link that Sankar included is a good one and I think you can learn a lot if you read it carefully.

I would have a slightly different answer about whether to create local accounts as a backup in case the server connection fails. I think whether local accounts are a good solution depends on how many routers you are talking about and how many people need access to the routers if the server connection fails. If you have a small number of routers and a small number of users then local accounts are a fine solution and will come near providing the degree of security provided by ACS (individual IDs and individual unique passwords). But if you have a large number of routers and/or a large number of users who need access then local accounts are a solution that does not scale well. This is why ACS is an attractive solution - it provides individual IDs and unique individual passwords with a single point of administration. If you have to set up a local account for each user and do it on each router then local accounts have a real limitation.

An alternative to consider is to use the line alternative which will use configured passwords on the line (vty port or console) to authorize access if the server connection fails.

HTH

Rick
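
The two fallback choices discussed in the replies above (local account versus line password), sketched as an IOS configuration. This is an added example, not part of either reply or of Cisco's guide; it assumes the routers reach ACS over TACACS+, and the server address, list name, username and secrets are constructed placeholders.

```text
! Constructed example: address, names and secrets are placeholders.
! Assumes ACS is used via TACACS+ (for RADIUS, use "group radius" instead).
aaa new-model
!
! ACS server and the shared key configured for this router on ACS.
tacacs-server host 192.0.2.10 key <SHARED-KEY>
!
! Option 1: fall back to a local account if the server does not respond.
username fallback-admin secret <LOCAL-PASSWORD>
aaa authentication login default group tacacs+ local
!
! Option 2: fall back to the password configured on the line itself,
! so no per-user accounts have to be maintained on each router.
aaa authentication login ACS-THEN-LINE group tacacs+ line
!
! Enable-mode authentication with the enable secret as fallback.
enable secret <ENABLE-SECRET>
aaa authentication enable default group tacacs+ enable
!
! vty lines use the named list (option 2); the line password is the fallback.
line vty 0 4
 password <LINE-PASSWORD>
 login authentication ACS-THEN-LINE
!
! Console uses the default list (option 1).
line con 0
 login authentication default
```

In a method list the later methods are tried only when the earlier one returns an error or no response; a login that ACS rejects is not retried against the local account or line password. Keep an existing session open while testing a new method list so a mistake does not lock you out.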