RE: ACS using both Radius & Tacacs+ simultaneously

From: Alec (packtmon@yahoo.com)
Date: Tue Dec 12 2006 - 20:55:35 ART

• Next message: Brad Ellis: "Re: chipset on IDS-4FE-INT"
• Previous message: Brad Ellis: "chipset on IDS-4FE-INT"
• Maybe in reply to: Alec: "ACS using both Radius & Tacacs+ simultaneously"
• Next in thread: Ivan: "Re: ACS using both Radius & Tacacs+ simultaneously"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey Christopher,
  
  This is great to know. Thanks for posting this info.
  
  But, thinking about what you're saying, I'm not sure how this would be configured on the AAA client side.
  
  When the protocol (Tacacs or Radius) is specified, you can only enter one protocol. So, would you config 2 AAA groups, one for Tacacs and another for Radius and just point each group to the same ACS server address?
  
  Also, how is this configured on the ACS side?
  
  Thanks again, A
  

"Christopher M. Heffner" <cheffner@certified-labs.com> wrote: Actually this changed in 3.3 ACS code.

You can now have a device communicate to the same ACS via TACACS and
RADIUS at the same time.

HTH

Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
 
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tony Schaffran
Sent: Tuesday, December 12, 2006 3:03 PM
To: 'Alec'; 'Group Study'
Subject: RE: ACS using both Radius & Tacacs+ simultaneously

Unless it has changed in version 4.0, that is not possible.

You can only have one entry for each network device and it needs to be
configured as a TACACS or RADIUS client, not both.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alec
Sent: Tuesday, December 12, 2006 9:15 AM
To: Group Study
Subject: ACS using both Radius & Tacacs+ simultaneously

Hi all,
   
  I noticed that some ACS features require Radius eg downloadable acl's
while other features require Tacacs+ eg command accounting.
   
  If I wanted to use both features but only had a single ACS server
would
that be possble?
   
  If so, how would I configure a single ACS to run both Tacacs+ and
Radius
simultaneously?
   
  Thanks in advance

  
---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.

• Next message: Brad Ellis: "Re: chipset on IDS-4FE-INT"
• Previous message: Brad Ellis: "chipset on IDS-4FE-INT"
• Maybe in reply to: Alec: "ACS using both Radius & Tacacs+ simultaneously"
• Next in thread: Ivan: "Re: ACS using both Radius & Tacacs+ simultaneously"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART