
AAA with different tacacs server for different admins

whistleblower14
Level 1

hi @Aliki

I have a question regarding authentication for different management users (= different source IP subnets) accessing a switch (via telnet and/or ssh) and getting AAA against two different servers... Is there a way to accomplish this on the device itself?

 

1 Reply

Richard Burts
Hall of Fame

I do not claim that this is a good solution but believe that it will accomplish what you ask.

- configure a tacacs server group (perhaps called atelnet) and put one of your tacacs servers into this group

- configure a second tacacs server group (perhaps called assh) and put your other tacacs server into this group

- configure a named authentication method (perhaps called authtelnet) and have it use group atelnet.

- configure a second named authentication method (perhaps called authssh) and have it use group assh.

- configure a group of vty ports to use only telnet.

- configure that group of vty ports to use authentication authtelnet.

- configure the rest of the vty ports to use only ssh.

- configure that group of vty ports to use authentication authssh.

 

HTH

 

Rick
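
The steps in the reply above, written out as a Cisco IOS configuration. This is an added example, not part of the original post. The group and method-list names (atelnet, assh, authtelnet, authssh) come from the reply; the server names, addresses, key placeholders, vty ranges and the `local` fallback are assumptions. As in the reply, the split is by access protocol, not by source subnet.

```cisco
! Constructed example: TAC-A / TAC-B, the 192.0.2.x addresses and the
! vty ranges are assumptions, not values from the thread.
aaa new-model
!
! One server definition per TACACS+ server
tacacs server TAC-A
 address ipv4 192.0.2.10
 key <shared-secret-A>
tacacs server TAC-B
 address ipv4 192.0.2.20
 key <shared-secret-B>
!
! Steps 1-2: one server group per TACACS+ server
aaa group server tacacs+ atelnet
 server name TAC-A
aaa group server tacacs+ assh
 server name TAC-B
!
! Steps 3-4: one named login method list per group.
! "local" is an added fallback (assumption) so the device stays reachable
! if the TACACS+ server does not respond; it needs a local username.
aaa authentication login authtelnet group atelnet local
aaa authentication login authssh group assh local
!
! Steps 5-6: first block of vty lines accepts telnet only, uses authtelnet
line vty 0 4
 transport input telnet
 login authentication authtelnet
!
! Steps 7-8: remaining vty lines accept ssh only, use authssh
line vty 5 15
 transport input ssh
 login authentication authssh
```

The number of vty lines differs by platform, so the two ranges have to be adjusted to the lines the switch actually has; `show aaa servers` shows which TACACS+ server handled a given login.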
