
Cisco Secure ACS

Status
Not open for further replies.

Jbabio

MIS
May 27, 2004
30
US
OK, I am trying to get our Cisco switches to authenticate through a TACACS server. When I config aaa new model on the switches and tell it aaa authentication default group tacacs+ it does not accept the proper username and password. I configured the Secure ACS with aaa server tacacs and also assigned a user to use TACACS. Could someone help me out? What is the proper way to configure the ACS to work properly with the switch?

JOhn B. CCNA, MCSA, NETWORK+, A+
 
Can you post your configuration for the AAA stuff from the switch that you are trying to authenticate from?

The ACS has to be aware of the IP address of the switch as well so that it can send back information to authenticate with. This must be set up in the ACS. The router must have the TACACS server host IP set up as well as any key information that you need to provide. Both server and router need to have this information. You may also want to try debugging TACACS and logging in twice to see what is happening during authentication.
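
An added example, not part of the original reply or thread: a small check of a switch's running-config for the switch-side items listed above (server host, shared key, a login method list that uses TACACS+). It assumes the legacy `tacacs-server host` syntax; the sample configs, address and key are constructed placeholders, and the ACS-side client entry for the switch still has to be verified on the ACS itself.

```python
import re

# Constructed running-config excerpts; 192.0.2.10 and the key are placeholders.
GOOD_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
"""

# Constructed: no login method list, no server and no key defined.
BAD_CONFIG = """\
aaa new-model
aaa authentication default group tacacs+
"""

def audit_tacacs(config: str) -> list[str]:
    """Return findings for the switch-side TACACS+ prerequisites; [] means all present."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    # The server address must be defined on the switch.
    hosts = [l for l in lines if re.match(r"tacacs-server host \S+", l)]
    if not hosts:
        findings.append("no tacacs-server host configured")
    # The shared key may be global or set per host; it must match the ACS entry.
    global_key = any(l.startswith("tacacs-server key ") for l in lines)
    for h in hosts:
        if not global_key and not re.search(r"\skey \S+", h):
            findings.append(f"no shared key for: {h}")
    # Logins only reach the server if a login method list names the group.
    logins = [l for l in lines if l.startswith("aaa authentication login ")]
    if not any("group tacacs+" in l for l in logins):
        findings.append("no login method list uses group tacacs+")
    for l in logins:
        # A list that ends at tacacs+ has no fallback if the server is unreachable.
        if "group tacacs+" in l and l.split()[-1] == "tacacs+":
            findings.append(f"no fallback method after tacacs+: {l}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, audit_tacacs(cfg) or "OK")
```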
 
I figured out how to set it up but I have a little problem. Any of the local Cisco Secure users can log into the switch. I want to make it so only one user can log into a switch using the Cisco Secure server. Our current setup is Secure users and Active Directory to authenticate the wireless users. I tried using the network access portion of the Cisco Secure user settings but it didn't work. HELP!

JOhn B. CCNA, MCSA, NETWORK+, A+
 
What do your aaa authentication configuration lines look like in your configuration?

So you don't want local users to be able to log in to the switch. You want only ACS users to log in?
 
NO, he wants only certain users of the ACS database to be able to log in to the devices.
 
I want exactly what buckweet just said. I tried everything I could to try to make it work. Just need a little help.

JOhn B. CCNA, MCSA, NETWORK+, A+
 
Did you suss this one out? If not, I have a working config :)

 
Ya, I'm still working on this, what ya got?

JOhn B. CCNA, MCSA, NETWORK+, A+
 