Hey all,
I'm trying to get dot1x to authenticate using RADIUS through SecureACS but I also want TACACS+ command authoirzation. Theoretically, I can create a "virtual" interface and assign all outgoing tacacs packets to there so you can have that same switch be added to ACS twice but this doesn't seem to work (though from the config samples it should).
This is what I have down:
aaa new-model aaa authentication login default group tacacs+ local aaa authentication login not_auth none aaa authentication enable default group tacacs+ enable aaa authentication dot1x default group radius aaa authorization config-commands aaa authorization exec default group tacacs+ local aaa authorization commands 15 default group tacacs+ none aaa accounting auth-proxy default start-stop group tacacs+
interface Loopback0 ip address 192.168.2.2 255.255.255.0
ip tacacs source-interface Loopback0
Both tacacs+ and radius servers are the same IP. Is there any other command I am missing?
Thanks.