[c-nsp] running radius/tacacs+ on the same router

virendra rode // virendra.rode at gmail.com
Fri Jun 15 00:44:06 EDT 2007



Has anyone configured tacacs+ and radius to be used on the same router
for the same types of access modes? If so, I'd like to hear your thoughts.
This setup is due to a multivendor environment that my client is running.

Some basic questions:

a. Would a router authenticate tacacs+ and radius simultaneously
for a single user for the same types of access modes? For example,

aaa new-model
aaa authentication login default group tacacs+|radius line
aaa authorization exec default group tacacs+|radius if-authenticated
aaa authorization commands 7 default group tacacs+|radius if-authenticated
aaa authorization console
tacacs-server host 192.168.0.101
tacacs-server key debian
radius-server host 172.68.0.101
radius-server key debian


b. What happens (for the sake of this example) if the user is not known to
the tacacs+ server (user got deleted, unreachable, timeout, etc.)? Would the
request be passed on to the radius server?


Any insight will be appreciated.



regards,
/virendra
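
Added example, not part of the original post: a small Python model of how Cisco IOS walks an AAA method list, applied to the cases named in question (b). It assumes the documented IOS rule that the next method is tried only when the previous one gives no response; the function, enum and scenario names are hypothetical and the server replies are constructed.

```python
# Models an ordered method list such as
#   aaa authentication login default group tacacs+ group radius line
# Names are hypothetical; replies below are constructed sample data.
from enum import Enum


class Reply(Enum):
    PASS = "pass"    # server answered and accepted the user
    FAIL = "fail"    # server answered and rejected (e.g. deleted/unknown user)
    ERROR = "error"  # no usable answer: unreachable, timeout, key mismatch


def evaluate(method_list, replies):
    """Walk the methods in order and return (permitted, methods_consulted).

    A PASS or FAIL from any method is final. Only ERROR (no response)
    moves on to the next method in the list.
    """
    consulted = []
    for method in method_list:
        consulted.append(method)
        reply = replies[method]
        if reply is Reply.PASS:
            return True, consulted
        if reply is Reply.FAIL:
            return False, consulted
        # Reply.ERROR: fall through to the next configured method
    return False, consulted  # every method errored, so access is denied


METHODS = ["tacacs+", "radius", "line"]

# Constructed scenarios matching the cases in question (b).
SCENARIOS = {
    "user deleted on tacacs+": {
        "tacacs+": Reply.FAIL, "radius": Reply.PASS, "line": Reply.PASS},
    "tacacs+ unreachable": {
        "tacacs+": Reply.ERROR, "radius": Reply.PASS, "line": Reply.PASS},
    "both servers down": {
        "tacacs+": Reply.ERROR, "radius": Reply.ERROR, "line": Reply.PASS},
}

if __name__ == "__main__":
    for name, replies in SCENARIOS.items():
        permitted, consulted = evaluate(METHODS, replies)
        verdict = "permit" if permitted else "deny"
        print(f"{name:26s} -> {verdict:6s} via {' > '.join(consulted)}")
```

In this model a user deleted from the tacacs+ server is denied without radius ever being consulted, while a tacacs+ timeout does hand the request to radius.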