Lab Minutes Forum

Technical Discussion => Security => Topic started by: Ted on April 02, 2014, 05:35:00 AM

Title: dot1x wired config
Post by: Ted on April 02, 2014, 05:35:00 AM
Hi All,

This is regarding ise dotx configs for a switch. If the switch is already being managed by ACS using tacacs for authorization is it possible to have the tacacs and radius working together for authorization?
ex-
aaa group server radius ISE_GROUP
server nme psn01
server name psn 02

aaa authorization network default group ISE_GROUP group tacacs+ local

Thanks
G
Title: Re: dot1x wired config
Post by: MC on April 02, 2014, 12:05:45 PM
Authorization for device admin (eg. exec, command) is different from dot1x authorization (eg. network) so you would only use Tacacs for the former and RADIUS for the latter. So.. Yes.. They can co-exist.
SimplePortal 2.3.7 © 2008-2024, SimplePortal