Acs aaa tacacs +

Last Update:2014-07-10 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

1. Authentication)

1.1 ACSAdd AAA Client

1. Enter ACS, click network configuration,

2. Click Add entry to add AAA Client

3. Enter the hostname, Client IP add, shared secret, and authenticate using, select TACACS + (Cisco IOS), and click Submit + apply.

1.2Switch configuration:

Switch (config) Aaa New-Model

Switch (config) tacacs-server host 192.168.2.1 key Cisco

Switch (config) Aaa authentication login default group TACACS + local

Switch (config) # Line vty 0 4

Switch (config-line) # login authentication default

We recommend that you configure a local user as an alternative:

Username XXXX privi 15 Secret xxxx

2. Authorization)

1. ACSSet User Permissions On

1. Select Interface Configuration à TACACS + (Cisco IOS) on ACS)

2. Check the user's shell (EXEC) menu, and add the shell option in the user configuration parameters.

3. Check that the following options are selected under Interface Configuration à advanced options.

4. Click User setup, select a user, and click Edit to edit parameters.

5. Select shell (EXEC) and set privilege level to 10. Then, you can only execute level 10 commands.

2.Switch configuration

2.1Define level 10 locally

Privilege interface level 10 Shutdown

Privilege interface level 10 No

Privilege interface level 10 SW

Privilege interface level 10 description

Privilege configure level 10 Interface

Privilege interface level 10 show run

Privilege interface level 10 show startup

Privilege Exec level 10 configure

Privilege Exec level 10 configure Terminal

Privilige Exec level 10 wirte

Privilige Exec level 10 wirte memory

2.2EnableAuthorization verification and application to teletLogin

Switch (config) Aaa authorization exec default group TACACS + local

Switch (config) # Line vty 0 4

Switch (config-line) # authorization exec default

Iii. Auditing

1.Switch configuration:

Switch (config) Aaa accounting exec default start-stop group TACACS +

Switch (config) Aaa accounting commands 0 default start-stop group TACACS +

Switch (config) Aaa accounting commands 1 default start-stop group TACACS +

Switch (config) Aaa accounting commands 10 default start-stop group TACACS +

Switch (config) Aaa accounting commands 15 default start-stop group TACACS +

Switch (config) # Line vty 0 4

Switch (config-line) # accounting exec default

Switch (config-line) # accounting commands 0 default

Switch (config-line) # accounting commands 1 default

Switch (config-line) # accounting commands 10 default

Switch (config-line) # accounting commands 15 default

View audit results on ACS

Select reports and activity à TACACS + adminià à TACACS + adminiactiveactive.csv to display the audit results of the current day;

Audit results include time, Login User, commands used by the user, and IP address of the device.

All configurations:

! Hostname Switch

Username XXX privilege 15 Secret 5 $1 $ 2a3r $ cnauxylgipgtibcqqh78h/

AAA authentication login default group TACACS + local

AAA authorization exec default group TACACS + local

AAA accounting exec default start-stop group TACACS +

AAA accounting commands 0 default start-stop group TACACS +

AAA accounting commands 1 default start-stop group TACACS +

AAA accounting commands 10 default start-stop group TACACS +

AAA accounting commands 15 default start-stop group TACACS +

! AAA New-Model

Tacacs-server host 192.168.2.1 key Cisco

Tacacs-server directed-Request

Privilege interface level 10 Shutdown

Privilege interface level 10 No

Privilege interface level 10 SW

Privilege interface level 10 description

Privilege configure level 10 Interface

Privilege Exec level 10 configure

Privilege Exec level 10 configure Terminal

Privilege Exec level 10 show run

Privilege Exec level 10 show startup

Privilege Exec level 10 write

Privilege Exec level 10 write memory

Line vty 0 4

Authorization exec default

Accounting exec default

Accounting commands 0 default

Accounting commands 1 default

Accounting commands 10 default

Accounting commands 15 default

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Acs aaa tacacs +

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support

Acs aaa tacacs +

Contact Us

What's Trending

Top 10 Tags

Top 10 Keywords

Trending Topic

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support