Hi all,
We have this network with Aironet components. The users (the ones who connect to the network) are authenticated using RADIUS.
We (the ones who manage the switches) are authenticated through TACACS+.
We have a BVI interface and a loopback interface in the Aironet. RADIUS authentication has the BVI as its source interface, and the TACACS+ authentication uses the loopback.
We thought about setting the authentication for both over the BVI interface so we do not need the other subnet (the loopback interface subnet).
The problem is that in ACS, when I try to add the IP range to the TACACS+, it says it is already used somewhere. Lo and behold... it is in use by RADIUS.
Is it wise to use the same interface for both authentications?
Is it possible to use the same interface for authentication? And if so... how?
InDenial