
HWTACACS integration with ACS Cisco

juanchop246
Level 1

Hi

Does anyone know if it is possible to integrate non-Cisco devices with HWTACACS with a Cisco ACS platform?

Are there any limitations or issues?

Thanks in advance.

13 Replies

Kevin Morales
Level 1

Hello, yes, you can do it! The device only needs to support TACACS. Remember, ACS is AAA. I used AAA with Huawei and Juniper!

Hi Kevin,

Could you please help me with my config in ACS v4.2 to authenticate a non-Cisco device?

Is there any web page to download the vendor-specific attributes? Is it necessary?

Hello, tell me, what kind of device do you want to add?

Hi again, I would like to add a Huawei S9300.

By the way, I don't have any vendor-specific attributes.

OK, I use this configuration in Huawei NE Router and Switch Quidway...

**************************************************************

hwtacacs-server template template_name
 hwtacacs-server authentication x.x.x.x    (IP Address ACS Server)
 hwtacacs-server authorization x.x.x.x
 hwtacacs-server accounting x.x.x.x
 hwtacacs-server source-ip y.y.y.y      (IP Address Loopback of Device)
 hwtacacs-server shared-key cipher password-tacacs
 hwtacacs-server timer response-timeout 1
 undo hwtacacs-server user-name domain-included
#
aaa
 authentication-scheme default
  authentication-mode hwtacacs local
 authorization-scheme default
  authorization-mode hwtacacs local if-authenticated
  authorization-cmd 0 hwtacacs local
  authorization-cmd 1 hwtacacs local
  authorization-cmd 15 hwtacacs local
 accounting-scheme default
  accounting-mode hwtacacs
  accounting start-fail online
 recording-scheme default                 (This is for recording commands on ACS)
  recording-mode hwtacacs template_name   (same template name as defined above)
 cmd recording-scheme default
 domain default_admin
  authorization-scheme default
  hwtacacs-server template_name
#
user-interface vty 0 4
 authentication-mode aaa

****************************************************************************
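
The configuration above only works if the template name referenced under aaa matches the one defined at the top, and if the VTY lines are set to authentication-mode aaa. The following check for those points is an added example, not part of the original post and not Cisco or Huawei tooling; the sample config, the name acs_tmpl, the addresses and the finding labels are constructed, and treating a missing "local" fallback as a finding is an assumed policy.

```python
import re

# Constructed sample in the style of the configuration posted above.
# Template names, addresses and key are placeholders, not real values.
SAMPLE = """\
hwtacacs-server template acs_tmpl
 hwtacacs-server authentication 192.0.2.10
 hwtacacs-server shared-key cipher PLACEHOLDER
#
aaa
 authentication-scheme default
  authentication-mode hwtacacs local
 recording-scheme default
  recording-mode hwtacacs acs_template
 domain default_admin
  hwtacacs-server acs_tmpl
#
user-interface vty 0 4
 authentication-mode password
"""

def audit(config):
    """Return a list of findings for a Huawei-style HWTACACS/AAA config."""
    # Templates are top-level lines, so collect them before walking the file.
    defined = set(re.findall(r"^hwtacacs-server template (\S+)", config, re.M))
    findings, section = [], ""
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["#"]:
            continue
        if not raw[0].isspace():            # unindented line opens a section
            section = raw.strip()
            continue
        if section == "aaa":
            # Both forms reference a template by name as the last word.
            if words[:2] == ["recording-mode", "hwtacacs"] or words[0] == "hwtacacs-server":
                if words[-1] not in defined:
                    findings.append("undefined-template:" + words[-1])
            # Assumed policy: keep "local" as fallback when the server is unreachable.
            if words[0] == "authentication-mode" and "hwtacacs" in words and "local" not in words:
                findings.append("no-local-fallback")
        elif section.startswith("user-interface vty"):
            if words[0] == "authentication-mode" and words[1:] != ["aaa"]:
                findings.append("vty-not-aaa:" + section)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
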

Thanks for the information, I'm going to try this.

Do I need vendor-specific attributes?

When I try to configure ACS v4.2 with the option "Authenticate Using", I get this:

TACACS+ (CISCO IOS)
RADIUS (CISCO AIRESPACE)
RADIUS (CISCO AIRONET)
RADIUS (CISCO BBSM)
RADIUS (3COMUSR)
RADIUS (CISCO IOS/PIX 6.0)
RADIUS (CISCO VPN 3000/ASA/PIX 7.X+)
RADIUS (CISCO VPN 5000)
RADIUS (IETF)
RADIUS (ASCEND)
RADIUS (JUNIPER)
RADIUS (NORTEL)
RADIUS (Ipass)

Which one do I have to select to authenticate a Huawei switch?

Thanks so much for your help...

I appreciate it.

Use this: TACACS+ (CISCO IOS)

Hi Kevin, I used the option TACACS+ (CISCO IOS); now I can authenticate with the ACS, but only by Telnet.

When I try to do it by SSH, it gives me the following message: "Write failed: Broken pipe"

I'm going to look up this message to see if I can solve this.

Thanks for everything, Kevin.

Hi, what terminal are you using? PuTTY or CRT?

I use ZOC terminal.

Hi David,

Can you use PuTTY as a terminal and test again? If you fail this time, please check ACS Reports and Activities > Failed Authentication and let me know.

~ Jatin

How do I remove a template?

Ganesh Hariharan
VIP Alumni

Hello,

Yes, this can be done. If the third party understands RADIUS or TACACS, it should not be a problem. You would always need vendor-specific attributes installed on ACS as well for integration with other devices.

Hope it helps.

-GI
