Re: AAA authorization against another router

From: Troy Rader (troy@xxxxxxxxxx)
Date: Fri Jan 04 2002 - 01:17:12 GMT-3

• Next message: ketan.paralkar: "INTRODUCTION"
• Previous message: CCIE Lab: "CLNS routing"
• Maybe in reply to: Andy Pilcher: "AAA authorization against another router"
• Next in thread: Cassidy D. Smith: "Re: AAA authorization against another router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Cisco offers a free, unsupported tacacs+ server called tac_plus. We're
running it on Solaris, and I'm uncertain about Windows support, but I doubt
it. I only started using it a month ago, but it has not had a single
problem. I had one of our Solaris admin's compile it for me, but after
that, the setup was not too difficult. My understanding is that this is a
developer's kit, so it's like the guts of Cisco Secure, without the GUI and
extras, although I'm not 100% positive about that.

----- Original Message -----
From: "Banyong, Don" <Don.Banyong@NASD.com>
To: "'Andy Pilcher'" <andypilcher2@earthlink.net>; <ccielab@groupstudy.com>
Sent: Thursday, January 03, 2002 9:20 PM
Subject: RE: AAA authorization against another router

> To my knowledge, this is not possible. A Cisco router is not a Radius nor
a
> TACACS server. Cisco cells a product that handles TACACS and RADIUS via
NDS,
> NT SAM or any local database. This product is called Cisco Secure.
>
> A cheap and probably free solution is Windows 2000 Internet Authentication
> Service. It provides Radius aaa service but good luck trying to configure
> it. Are there any Linux freebies on TACACS?
>
> Thanks,
> Don
>
> -----Original Message-----
> From: Andy Pilcher [mailto:andypilcher2@earthlink.net]
> Sent: Thursday, January 03, 2002 9:20 PM
> To: ccielab@groupstudy.com
> Subject: AAA authorization against another router
>
>
> Folks,
>
> Is there a way to make aaa authorization on one Cisco router key off of
> another Cisco router's user database? I'm looking all over the Cisco
> documentation site for it, but the only aaa authorization methods I can
> find are the following:
>
> group radius
> group tacacs+
> group (radius/tacacs+ server subset)
> if-authenticated
> (none)
> local
> krb5-instance
>
> That's what's documented in the command reference for aaa
> authorization. But I don't believe any of these let you authorize
> against another Cisco router (the closest is "local"), unless there is
> some way of telling the other router to act as a radius or a tacacs+
> server. Is that possible?
>
> Thanx in advance.
>
> Andy Pilcher,
> CCIE Wannabe

• Next message: ketan.paralkar: "INTRODUCTION"
• Previous message: CCIE Lab: "CLNS routing"
• Maybe in reply to: Andy Pilcher: "AAA authorization against another router"
• Next in thread: Cassidy D. Smith: "Re: AAA authorization against another router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:15 GMT-3