Combining both TACACS+ and RADIUS



Hey all,

I'm trying to get dot1x to authenticate using RADIUS through SecureACS
but I also want TACACS+ command authorization. Theoretically, I can
create a "virtual" interface and assign all outgoing tacacs packets to
there so you can have that same switch be added to ACS twice but this
doesn't seem to work (though from the config samples it should).

This is what I have down:

aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login not_auth none
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ none
aaa accounting auth-proxy default start-stop group tacacs+

interface Loopback0
ip address 192.168.2.2 255.255.255.0

ip tacacs source-interface Loopback0

Both tacacs+ and radius servers are the same IP. Is there any other
command I am missing?


Thanks.
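
An added example, not part of the original post: a Python check that reads the posted configuration and reports, for each protocol the AAA method lists reference, whether a server definition and a source-interface line appear in the excerpt. It assumes the legacy global `tacacs-server host`, `radius-server host` and `dot1x system-auth-control` command forms; lines absent from the excerpt may simply have been left out of the post, and the function names `audit` and `findings` are hypothetical.

```python
import re

# Configuration exactly as posted above.
POSTED_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login not_auth none
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ none
aaa accounting auth-proxy default start-stop group tacacs+
interface Loopback0
ip address 192.168.2.2 255.255.255.0
ip tacacs source-interface Loopback0
"""

# Legacy global IOS commands that define servers and pin the source address.
SERVER_CMD = {"tacacs+": "tacacs-server host", "radius": "radius-server host"}
SOURCE_CMD = {p: "ip %s source-interface" % p.rstrip("+") for p in SERVER_CMD}

def audit(config):
    """Summarise, per protocol, what the AAA method lists depend on."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    report = {}
    for proto in SERVER_CMD:
        group = re.compile(r"\bgroup %s(?=\s|$)" % re.escape(proto))
        report[proto] = {
            "method_lists": [l for l in lines
                             if l.startswith("aaa ") and group.search(l)],
            "server_defined": any(l.startswith(SERVER_CMD[proto]) for l in lines),
            "source_interface": next((l.split()[-1] for l in lines
                                      if l.startswith(SOURCE_CMD[proto])), None),
        }
    report["dot1x_global"] = "dot1x system-auth-control" in lines
    return report

def findings(report):
    out = []
    for proto in SERVER_CMD:
        r = report[proto]
        if r["method_lists"] and not r["server_defined"]:
            out.append("%s: method lists but no '%s' line" % (proto, SERVER_CMD[proto]))
        if r["method_lists"] and r["source_interface"] is None:
            out.append("%s: source address follows the egress interface" % proto)
    if report["radius"]["method_lists"] and not report["dot1x_global"]:
        out.append("dot1x: 'dot1x system-auth-control' not present")
    return out
```

On the posted excerpt, TACACS+ is pinned to Loopback0 while RADIUS has no source-interface line, so the two protocols reach the server from different source addresses.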
