[c-nsp] Cisco ACS question

Andrew Gabriel mailandrewg at gmail.com
Thu Feb 4 08:48:12 EST 2010


I don't have a lot of experience with Cisco ACS boxes and the Cisco
documentation doesn't explain this clearly, so I am hoping somebody could share
their experience or provide some ideas.

We have 2 Cisco ACS boxes (4.2) that are currently used for providing Radius
authentication to wireless users (Cisco WLC). At the back end it is linked
to our Microsoft Active Directory and the ACS doesn't have any user
accounts, it just interfaces between the Active Directory servers and the
wireless clients.

My question is, how do I use the existing ACS servers to run Radius and
TACACS for AAA for various network devices on the network? In other words,
how do I run a separate set of authentication for the network engineers to
manage their devices, using the existing ACS infrastructure, without:

   1. Disrupting or changing the existing authentication for Wireless
   2. Allowing any general wireless user to authenticate to our network
   devices (I don't mind having a separate AD group for the network admins so
   the rest of the users can be filtered, or even manually setting up local
   accounts for the few network engineers on the ACS boxes).

Would appreciate any suggestions or ideas.

Thanks,
-Andrew.

