Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3133
Views
11
Helpful
6
Replies

Run Radius & Tacacs+ simultaneously on ACS

Go to solution
Oliver Eve
Level 1
Level 1

‎01-28-2013 07:25 AM - edited ‎03-10-2019 08:01 PM

Hi all,

I've currently got an ACS setup running TACACS+ which is doing the normal AAA things that we need it to do.

I've been searching around online and can't figure out if I can set up the ACS to run Radius and TACACS+ in parallel on the same box? I've tried adding in new clients and servers with the same IP but using Radius instead of tacacs but the ACS refuses them as the hosts already exist.

The reason we want Radius is we're testing 802.1x and need a radius server to do it.

Any help would be greatly appreciated

Thanks again

Oli

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Oliver Eve

‎01-29-2013 03:04 AM

Hi Oli,

Are you using same device name? If you do that then don't. You can not use same device name.

Use different device name with same IP address and change to RADIUS and that should probably work.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

6 Replies 6

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni

‎01-28-2013 11:46 PM

Hello Oliver,

what ACS version are you using?

If you use 4.x then you can simply create a new entry of the device with same IP but choose different protocol (TACACS+ or RADIUS) and that should work.

If you are using 5.x however, you can add both TACACS+ and RADIUS configuration under the same device.

If you go to: Network Resources -> Network Devices and AAA Clients, and then try to create a new device entry, you will find both configuration for TACACS+ and RADIUS that can be configured independently.

If you are using versoin 4.x, have TACACS+ configured and try to configure RADIUS and tells you the device is already exist, then make sure that the device is not already added as RADIUS  client on same server. Use the search to search for the ip address and double check.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Go to solution
Oliver Eve
Level 1
Level 1
In response to Amjad Abdullah

‎01-29-2013 01:05 AM

Hi Amjad,

Im running 4.1 on an ACS 1111. Everytime i try to add the device under radius instead of tacacs+ it says the host exists so I can't add it in? I've also searched for the IP and i'm yet to find a solution.

Any other ideas? Appreciate your help

Oli

0 Helpful

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Oliver Eve

‎01-29-2013 03:04 AM

Hi Oli,

Are you using same device name? If you do that then don't. You can not use same device name.

Use different device name with same IP address and change to RADIUS and that should probably work.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Go to solution
Oliver Eve
Level 1
Level 1
In response to Amjad Abdullah

‎01-29-2013 04:21 AM

Hi Amjad

That'll do it!

Now to get dot1x working

Thanks again

Oli

Go to solution
Amjad Abdullah
VIP Alumni
VIP Alumni
In response to Oliver Eve

‎01-29-2013 06:00 AM

Thanks Oli. Glad that I could help.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Go to solution
g.karim19921
Level 1
Level 1
In response to Amjad Abdullah

‎01-04-2017 04:55 AM

Hi All,

My Question is

can we configure tacacs+ and radius (as a client) on the same router?

If yes,which protocol should it take as highest priority(tacacs+ or Radius).

Thanks in advance.

With regards,

karimulla.g

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents