Search this Blog

Thursday, March 14, 2013

Multiple Tacacs Groups for different Interfaces on a Router

A Cisco 888 is managed by us and a Provider Support Team. Since we both want to access our own TACACS Server, we want to create two TACACS Groups. Is it possible for us, to bind a Tacacs Group to one Interface, and the second TACACS Group to another ?

Means that our stuff is connecting to the LAN Interface FastEthernet0 that is applied to the SVI in VLAN 1.The service technicans from the Provider are connecting to the external Interface or through a possible Lo. (another IP). We do not want to mix our 2 TACACS+ Server and their's together in one Group. So have anybody tried this before ?

 
Please follows the steps below

- create one tacacs goup that specifies his authentication servers. Perhaps name it OURS.
-create one tacacs group that specifies the authentication servers for the Provider Support Team. Perhaps name it PST.
-create one named authentication method to authenticate using group OURS. Perhaps call the method INTERNAL.
- create one named authentication method to authenticate using group PST. Perhaps call the method EXTERNAL.
- configure several vty ports specifying authentication method INTERNAL and specifying transport input telnet.
- configure several other vty ports specifying authentication method EXTERNAL and specifying transport input ssh.

Then if the Provider Support Team will SSH to the router they will use the vty that authenticates with their tacacs server. And if he will telnet to the router then he will use the vty that authenticates with his tacacs server.


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others

No comments :

Post a Comment

 
/* Google Analytics begin ----------------------------------------------- */ /* Google Analytics end ----------------------------------------------- */