03-06-2002 06:57 AM - edited 02-21-2020 11:38 AM
Can both RADIUS and TACACs be configured on the same box? What I would like to do is, configure Radius to Authenticate Users on TTY Lines 1-48 on a Cisco AS5200, 5300 and 5400. I would like to configure TACACS to Authenticate Users on the Console, Aux and Vty lines.
My reading of Cisco documentation so far seems to say that only TACACS OR RADIUS can be configured on a router or server, not BOTH.
03-06-2002 11:46 AM
James,
Currently we have a AS5350 box which authenticates users (dial in) via RADIUS and authenticates admins to telnet to the AS5350 using TACACS. Authentication occurs with a Cisco ACS 3.0 Win2k server. So to answer your question both work.
03-06-2002 12:35 PM
Thanks for the response! My problem now is, I have no idea how to configure this. Can you send me just the config to do this or can you direct me to info on cisco.com? My email: jim.robinson@wcom.com
03-06-2002 04:42 PM
Here is the config:
1.aaa new-model
2.aaa authentication login default group radius line
3.aaa authentication login ciscosecure group tacacs+ line
4. tacacs-server host
5. radius-server host
6. radius-server key 7
7.
line vty 0 4
exec-timeout 5 0
password 7 ********
login authentication ciscosecure
8.
line con 0
password 7 ********
login authentication ciscosecure
-------
Line 1: Basic way to start aaa
Line 2:
Say's default authen will be radius. This is used for user accessing the AS5350 through dialing in.
Line 3:
This line is there for use with logging in to vty 0 4 (ie. telnet)and console It says use tacacs first and if not avail then use line password. I would apply this to 'line vty 0 4' and 'line con 0' and aux if needed.
Lines 4 - 8 hopefully are straight forward for you to understand.
Our radius service is using RSA ACESERVER and tacacs is on a CiscoSecure ACS 4.0 on Win2k. Let me know if you need more info.
Hope this helps.
03-07-2002 06:23 AM
Thanks very much for the config info. I appreciate it greatly. I am busy now seeing if we can make this work in our AS5200s. Thanks very much!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide