ACS4.2 Setup
EdTheLad
Member Posts: 2,111
Can someone point me to a good resource for configuring a basic setup. Cisco config docs aren't up to much, I just want something simple I don't have to spend too much time on.
I just want to authenticate for now. Comms between my router and ACS is the issue.
The router config will be extremely basic:
aaa new-model
aaa authentication login default group tacacs+ enable
tacacs-server host x.x.x.x port x key cisco
Maybe you can tell me the bare minimum that needs to be configured on the ACS in order for it to authenticate. I'm not sure how I can see if my router is talking to the ACS, I've done a "show tacacs server" and see nothing is sent/received. Debug isn't showing anything interesting.
When I login I get in with enable, which tells me comms to the ACS is down even though I can ping it. I'm sure it's a config issue on the ACS.
Thx..
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
Comments
mikearama Member Posts: 749
I've only ever used Cisco docs... and yes, they can be cryptic.
If your setup on the router is as you describe, then you just need to add the object to ACS. Under the Network Configuration heading, add an entry for the router... throw in a name, the IP, the key, and any authentication options. Submit and apply. That's the bare minimum you asked for.
Oh, and make sure you've created admin user accounts in ACS under User Setup... and make them different from the local login accounts on the router so that you can tell quickly if tacacs login was successful, or if you're still authenticating locally.
Mike
There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
EdTheLad Member Posts: 2,111
Thanks for that, got it sorted.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
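The key on the router's tacacs-server line and the key entered for the router under Network Configuration in ACS have to match, because TACACS+ uses it to obfuscate each packet body (RFC 8907). An added example, not part of the thread: Python showing that a reply obfuscated with one key no longer parses when recovered with another. The session ID, the "Password: " prompt and the mistyped key "Cisco" are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5: chained MD5 blocks, truncated to the body length."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block feeds the next
        pad += block
    return pad[:length]

def obfuscate(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call obfuscates and recovers."""
    version, _type, seq_no, _flags, session_id, _length = struct.unpack("!BBBB4sI", header)
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def reply_is_consistent(body: bytes) -> bool:
    """Authentication REPLY: status, flags, msg_len, data_len, then both fields."""
    if len(body) < 6:
        return False
    _status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    return 6 + msg_len + data_len == len(body)

# Constructed sample: a GETPASS reply (status 0x05, NOECHO flag) sent by a
# server whose entry for this router holds the key "cisco".
SERVER_MSG = b"Password: "
CLEAR = struct.pack("!BBHH", 0x05, 0x01, len(SERVER_MSG), 0) + SERVER_MSG
HEADER = struct.pack("!BBBB4sI", 0xC0, 0x01, 2, 0x00, bytes.fromhex("1a2b3c4d"), len(CLEAR))
ON_WIRE = obfuscate(HEADER, CLEAR, b"cisco")

def check_key(key: bytes) -> bool:
    """True when the body recovered with this key has self-consistent lengths."""
    return reply_is_consistent(obfuscate(HEADER, ON_WIRE, key))

if __name__ == "__main__":
    for k in (b"cisco", b"Cisco"):
        result = "body parses" if check_key(k) else "garbled body, key mismatch"
        print(k.decode(), "->", result)
```

The key is never sent on the wire, so a mismatch shows up only as a body that fails to parse on the receiving side.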