09-11-2007 06:46 PM - edited 03-03-2019 06:43 PM
Hi All,
I would like to configure both radius & tacacs authentications on Cisco 7600 router. Is it possible? Can anyone give me some tips or refer to some URLs?
Thanks,
Beno
09-11-2007 06:53 PM
Beno
I am not clear from your post whether you want to use both TACACS and Radius for normal router/switch login authentication or if you are interested in something else. I have configured some routers for Dial Access which use Radius for authenticating the PPP dial user and use TACACS for login to the router. This works quite well.
Are you interested in attempting both TACACS and Radius for router login or are you interested in TACACS for one function and Radius for some other function?
From my experience it works well to use TACACS for one function (normal router login) and to use Radius for some other function (dial/PPP authentication). I do not believe that both TACACS and Radius can be used for the same function.
HTH
Rick
09-11-2007 07:35 PM
Rick,
Thanks for your update.
I was wondering if both Radius/TACACS can be used for login to the router.
Thanks
09-11-2007 07:40 PM
Yes indeed!
09-12-2007 01:22 AM
Hi Andrew,
If you have used both at the same time (Radius/TACACS), then which username/password will you key in when the router prompts for the login?
I guess you can use either Radius or TACACS.
If it still works for you, then let me know the config, please.
Thanks,
Beno
Note:
Of course, you can use Radius for the dialup users via PPP and TACACS for just login to the router.
09-11-2007 10:05 PM
Hi Rick,
Can you post the COMPLETE CONFIGURATION which you have done in your experience?
"routers for Dial Access which use Radius for authenticating the PPP dial user and use TACACS for login to the router"
Thanks in Advance for Help...
Best Regards,
Guru Prasad R
09-12-2007 10:26 AM
Guru
It is not practical to post the entire config. But here are the relevant parts for doing authentication of router login by TACACS and dial access users by Radius.
!
aaa new-model
!
aaa group server tacacs+ admin_TAC
 server 10.18.24.20
!
aaa group server radius user_radius
 server 10.231.110.185 auth-port 1645 acct-port 1646
!
aaa authentication login default group user_radius local
aaa authentication login admin group admin_TAC line
aaa authentication enable default group admin_TAC enable
aaa authentication ppp default if-needed group user_radius local
!
interface Group-Async0
 encapsulation ppp
 ppp authentication pap
 group-range 1/00 2/107
!
interface Dialer1
 encapsulation ppp
 ppp authentication pap
!
ip tacacs source-interface Loopback0
!
ip radius source-interface Loopback0
!
tacacs-server host 10.18.24.20 key 7 [hide]
!
radius-server host 143.231.110.185 auth-port 1645 acct-port 1646 key 7 [hide]
!
line con 0
 login authentication admin
!
line vty 0 4
 login authentication admin
!
line 1/00 2/107
 autoselect during-login
 autoselect ppp
!
HTH
Rick
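An added example, not part of Rick's post: a small Python check that cross-references the `server` addresses inside each `aaa group server` block against the `tacacs-server host` / `radius-server host` lines, and the `login authentication` lists on lines against the defined `aaa authentication login` lists. The function name `audit_aaa` is hypothetical, and the sample is an excerpt constructed from the configuration lines posted above, with keys omitted.

```python
import re

# Excerpt constructed from the configuration posted above (keys omitted).
SAMPLE = """\
aaa new-model
aaa group server tacacs+ admin_TAC
 server 10.18.24.20
aaa group server radius user_radius
 server 10.231.110.185 auth-port 1645 acct-port 1646
aaa authentication login default group user_radius local
aaa authentication login admin group admin_TAC line
tacacs-server host 10.18.24.20
radius-server host 143.231.110.185 auth-port 1645 acct-port 1646
line vty 0 4
 login authentication admin
"""

def audit_aaa(config):
    """Return a list of findings for dangling AAA references."""
    groups, lists, used = {}, set(), set()
    hosts = {"tacacs": set(), "radius": set()}
    current = None  # (protocol, group name) while inside an 'aaa group server' block
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa group server (tacacs|radius)\+? (\S+)", line):
            current = (m.group(1), m.group(2))
            groups[current] = []
        elif current and (m := re.match(r"server (\S+)", line)):
            groups[current].append(m.group(1))
        else:
            current = None  # any other command ends the group block
            if m := re.match(r"(tacacs|radius)-server host (\S+)", line):
                hosts[m.group(1)].add(m.group(2))
            elif m := re.match(r"aaa authentication login (\S+)", line):
                lists.add(m.group(1))
            elif m := re.match(r"login authentication (\S+)", line):
                used.add(m.group(1))
    findings = []
    for (proto, name), servers in groups.items():
        for ip in servers:
            if ip not in hosts[proto]:
                findings.append(f"group {name}: server {ip} has no {proto}-server host entry")
    for name in sorted(used - lists):
        findings.append(f"line uses undefined login list {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE)) or "no findings")
```

Run over the excerpt, it reports the `user_radius` group address that has no matching `radius-server host` line; the two RADIUS addresses in the posted lines differ.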
09-12-2007 11:09 AM
I think the main question was not phrased clearly enough and needs to be clarified.
Good example Rick.
09-12-2007 10:30 PM
Hi Rick,
Thanks for the sample.
:) Have rated your post.
Best Regards,
Guru Prasad R