From: Banyong, Don (Don.Banyong@xxxxxxxx)
Date: Fri Jan 04 2002 - 00:20:04 GMT-3
To my knowledge, this is not possible. A Cisco router is not a Radius nor a
TACACS server. Cisco cells a product that handles TACACS and RADIUS via NDS,
NT SAM or any local database. This product is called Cisco Secure.
A cheap and probably free solution is Windows 2000 Internet Authentication
Service. It provides Radius aaa service but good luck trying to configure
it. Are there any Linux freebies on TACACS?
Thanks,
Don
-----Original Message-----
From: Andy Pilcher [mailto:andypilcher2@earthlink.net]
Sent: Thursday, January 03, 2002 9:20 PM
To: ccielab@groupstudy.com
Subject: AAA authorization against another router
Folks,
Is there a way to make aaa authorization on one Cisco router key off of
another Cisco router's user database? I'm looking all over the Cisco
documentation site for it, but the only aaa authorization methods I can
find are the following:
group radius
group tacacs+
group (radius/tacacs+ server subset)
if-authenticated
(none)
local
krb5-instance
That's what's documented in the command reference for aaa
authorization. But I don't believe any of these let you authorize
against another Cisco router (the closest is "local"), unless there is
some way of telling the other router to act as a radius or a tacacs+
server. Is that possible?
Thanx in advance.
Andy Pilcher,
CCIE Wannabe
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:15 GMT-3