Wednesday, December 19, 2018

Can TACACS+ and RADIUS coexist on the same network?

I currently have TACACS+ set up on a Red Hat server that's authenticating network admins against Active Directory when they attempt to log into a network device either by SSH or through the console. This part is working great.

I now want to implement port-based authentication (802.1x or NAC) for devices that get plugged into the switches. My current understanding (which is very limited) is that I need to set up a RADIUS server and then configure the switches to authenticate devices through the RADIUS server. What I can't seem to grasp is how I can configure a switch with AAA to continue to authenticate network admin account logins to the switch via TACACS+ while authenticating device access to its ports via RADIUS.

Is this even possible? Every time I try to research this, it seems it's always TACACS+ VS/OR RADIUS and never TACACS AND RADIUS.

As an aside, does anyone know of any 802.1x specific training that they'd recommend to me? I probably need some formal training on this before I truly grasp how this all works together.


