[c-nsp] TACACS auth on PIX
mikus
der.mikus at gmail.com
Fri Oct 1 00:30:08 EDT 2004
Prit,

As far as I know, you can't configure pixen for authentication
backup methods as you do in IOS. It's a real PITA, but something I
believe is still fact. If the TACACS server is unavailable, the only
thing you can do is leave console as local, or open your other remote
telnet/ssh vty with local auth and lock it down to a *secure* IP as a
filthy hack. I'd prefer if I at least had an option for local auth,
but Cisco chooses not to extend its basic AAA functionality on the
PIX. Feature request!

Aside from that, it's fairly easy:

aaa-server your_acs protocol tacacs+
aaa-server your_acs (internal) host 1.1.1.1 changeme_pass timeout 5
aaa-server your_acs (transit) host 2.2.2.2 changeme_pass timeout 5
aaa authentication serial console LOCAL
aaa authentication ssh console your_acs
aaa authentication http console your_acs

-mb

On Fri, 1 Oct 2004 09:20:40 +0530, Prit Patel <shahtejal at gmail.com> wrote:
> Hello All,
>
> How can I configure TACACS authentication on a PIX 525?
> And if the TACACS server is not available, then it should be able to
> authenticate locally.
>
> Regards
> Shah
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
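
A way to check a PIX config for the situation described in the reply above, as an added example that is not part of the original thread: it lists which management services authenticate with LOCAL, which rely solely on the TACACS+ group, and whether a LOCAL telnet/ssh path is restricted to a single host. The telnet lines and 192.0.2.x addresses in the sample are constructed, and `audit` and `is_ip` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the six lines from the post, plus a telnet workaround of
# the kind it describes (addresses and the telnet lines are made up).
SAMPLE_CONFIG = """\
aaa-server your_acs protocol tacacs+
aaa-server your_acs (internal) host 1.1.1.1 changeme_pass timeout 5
aaa-server your_acs (transit) host 2.2.2.2 changeme_pass timeout 5
aaa authentication serial console LOCAL
aaa authentication ssh console your_acs
aaa authentication http console your_acs
aaa authentication telnet console LOCAL
telnet 192.0.2.10 255.255.255.255 internal
telnet 192.0.2.0 255.255.255.0 transit
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit(config):
    """Return (services using LOCAL auth, list of findings) for a PIX config."""
    groups, methods, sources = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 4 and tok[0] == "aaa-server" and tok[2] == "protocol":
            groups[tok[1]] = tok[3]                    # group tag -> protocol
        elif len(tok) == 5 and tok[:2] == ["aaa", "authentication"] and tok[3] == "console":
            methods[tok[2]] = tok[4]                   # service -> group or LOCAL
        elif len(tok) == 4 and tok[0] in ("telnet", "ssh") and is_ip(tok[1]):
            sources.setdefault(tok[0], []).append(tok[1:])  # permitted sources
    findings = []
    for svc, method in sorted(methods.items()):
        if method == "LOCAL":
            # Local logins should only be reachable from a single trusted host.
            for net, mask, ifc in sources.get(svc, []):
                if mask != "255.255.255.255":
                    findings.append(f"{svc}: LOCAL auth open to {net} {mask} on {ifc}")
        elif method in groups:
            findings.append(f"{svc}: relies solely on {groups[method]} group {method}")
        else:
            findings.append(f"{svc}: undefined server group {method}")
    local = sorted(s for s, m in methods.items() if m == "LOCAL")
    return local, findings

if __name__ == "__main__":
    local, findings = audit(SAMPLE_CONFIG)
    print("local-auth services:", local)
    print("\n".join(findings))
```
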