TACACS+ and Cisco ACS 1

[nix45]

I'm running Cisco ACS v3.1 on a Win2K Server. We have about 50 routers here ranging from 1700s to 3700s. I've never used TACACS+ before, but I hear that you can use it to have the routers authenticate against the ACS server when your entering the telnet and enable passwords. The reason we want to use this is so that we can change all of the passwords on all of the routers at once. Are there any docs on setting this up with ACS Server?

So far, all I've done is create a AAA client on the ACS server for a single router to test it out. I assigned it TACACS+ for authentication and gave it a key (shared secret).

Thanks,
Chris

 

[IPKONFIG]

No problem, I wish I could have fixed it for you. Please let me know what TAC comes up with...I'm sure it's a simple step that we've missed...(always is)

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[nix45]

Yeah, it was something simple. Everything was set up correct, except the the AAA client on the ACS server for the router. I listed the IP of its second Ethernet interface on a 31.x subnet, while the ACS server was on a 1.x subnet, so the requests from the router were coming from its 1.x interface.

Thanks again,
Chris