From: Vazman@aol.com
Date: Fri Jul 30 2004 - 16:03:46 GMT-3
You can define separate method lists that point to different servers -
for example -
aaa authentication login LIST1 group tacacs
aaa authentication login LIST2 group radius
and then apply LIST1 for console authentication and LIST2 for vty authentication.
You can also do something like -
aaa authentication login LIST1 group tacacs group radius local
In this case the tacacs servers will be checked first, if they are not reachable then the radius servers and lastly local authentication.
HTH
Vazman
In a message dated 7/30/2004 1:22:37 PM Eastern Daylight Time, "Henry Chou" <henchou@hotmail.com> writes:
>In Henry Benjamin's CCIE Self-Study CCIE Security Exam Certification Guide,
>Pg 224, it says, "You can configure both RADIUS and TACACS+ concurrently on
>a Cisco router provided that you have defined different list names and
>applied the list to different interfaces."
>
>I don't quite understand what that means. Can someone help me understand
>this statement?
>
>I thought you can have a statement such as:
>
>aaa authen ppp default group tacacs+ group radius local, interface se 0, ppp
>authen default?
>
>Is this correct?
>
>Thanks much
>
>--Henry
>
>_________________________________________________________________
>Express yourself instantly with MSN Messenger! Download today - it's FREE!
>http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:07 GMT-3