ACS AAA with TACACS+

Source: Internet
Author: User

I. Authentication

1.1 Add an AAA client on ACS

1. Log in to ACS and click Network Configuration.

2. Click Add Entry to add an AAA client.

3. Enter the hostname, client IP address, and shared secret; under Authenticate Using, select TACACS+ (Cisco IOS); then click Submit + Apply.

 

1.2 Switch configuration:

Switch(config)# aaa new-model

Switch(config)# tacacs-server host 192.168.2.1 key Cisco

Switch(config)# aaa authentication login default group tacacs+ local

Switch(config)# line vty 0 4

Switch(config-line)# login authentication default

 

We recommend that you also configure a local user as a fallback:

Switch(config)# username XXXX privilege 15 secret xxxx

 

II. Authorization

1. Set user permissions on ACS

1. On ACS, select Interface Configuration → TACACS+ (Cisco IOS).

2. Check Shell (exec) in the User column so that the shell option is added to the user configuration parameters.

3. Check that the following options are selected under Interface Configuration → Advanced Options.

4. Click User Setup, select a user, and click Edit to edit the user's parameters.

5. Select Shell (exec) and set Privilege level to 10. The user can then execute only level 10 commands.

2. Switch configuration

2.1 Define level 10 locally

Switch(config)# privilege interface level 10 shutdown

Switch(config)# privilege interface level 10 no

Switch(config)# privilege interface level 10 sw

Switch(config)# privilege interface level 10 description

Switch(config)# privilege configure level 10 interface

Switch(config)# privilege exec level 10 show run

Switch(config)# privilege exec level 10 show startup

Switch(config)# privilege exec level 10 configure

Switch(config)# privilege exec level 10 configure terminal

Switch(config)# privilege exec level 10 write

Switch(config)# privilege exec level 10 write memory

 

 

2.2 Enable authorization and apply it to Telnet login

Switch(config)# aaa authorization exec default group tacacs+ local

Switch(config)# line vty 0 4

Switch(config-line)# authorization exec default

 

III. Auditing

1. Switch configuration:

Switch(config)# aaa accounting exec default start-stop group tacacs+

Switch(config)# aaa accounting commands 0 default start-stop group tacacs+

Switch(config)# aaa accounting commands 1 default start-stop group tacacs+

Switch(config)# aaa accounting commands 10 default start-stop group tacacs+

Switch(config)# aaa accounting commands 15 default start-stop group tacacs+

Switch(config)# line vty 0 4

Switch(config-line)# accounting exec default

Switch(config-line)# accounting commands 0 default

Switch(config-line)# accounting commands 1 default

Switch(config-line)# accounting commands 10 default

Switch(config-line)# accounting commands 15 default

 

2. View audit results on ACS

Select Reports and Activity → TACACS+ Administration → TACACS+ Administration active.csv to display the audit results for the current day.

Audit results include the time, the login user, the commands the user ran, and the IP address of the device.

 

Complete configuration:

!

hostname Switch

!

username XXX privilege 15 secret 5 $1$2a3r$cnauxylgipgtibcqqh78h/

!

!

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 10 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

tacacs-server host 192.168.2.1 key Cisco

tacacs-server directed-request

!

privilege interface level 10 shutdown

privilege interface level 10 no

privilege interface level 10 sw

privilege interface level 10 description

privilege configure level 10 interface

privilege exec level 10 configure

privilege exec level 10 configure terminal

privilege exec level 10 show run

privilege exec level 10 show startup

privilege exec level 10 write

privilege exec level 10 write memory

!

line vty 0 4

 login authentication default

 authorization exec default

 accounting exec default

 accounting commands 0 default

 accounting commands 1 default

 accounting commands 10 default

 accounting commands 15 default
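An added example, not part of the original page: a Python check that a saved configuration contains what this walkthrough relies on, namely a local fallback for login and exec authorization, and command accounting for every privilege level in use, including the custom level 10. The function name audit_aaa and the sample text (a trimmed copy of the configuration with a placeholder hash) are constructed for illustration.

```python
import re

# Constructed sample: a trimmed form of the configuration on this page.
SAMPLE = """\
aaa new-model
username XXX privilege 15 secret 5 PLACEHOLDER-HASH
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
privilege exec level 10 configure terminal
line vty 0 4
 login authentication default
 authorization exec default
 accounting commands 0 default
 accounting commands 1 default
 accounting commands 10 default
 accounting commands 15 default
"""

def audit_aaa(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip().lower() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    # Local fallback: each method list must end in 'local' ...
    for svc in ("authentication login", "authorization exec"):
        m = re.search(rf"^aaa {svc} default (.+)$", text, re.M)
        if not m:
            findings.append(f"{svc}: no default method list")
        elif m.group(1).split()[-1] != "local":
            findings.append(f"{svc}: no local fallback")
    # ... and a local user with a hashed secret must exist to fall back to.
    if not re.search(r"^username \S+ .*\bsecret ", text, re.M):
        findings.append("no local user with a secret")
    # Levels 0, 1 and 15 are built in; 'privilege' commands create the others.
    levels = {0, 1, 15} | {int(n) for n in re.findall(r"^privilege \S+ level (\d+) ", text, re.M)}
    acct = {int(n) for n in re.findall(r"^aaa accounting commands (\d+) default ", text, re.M)}
    applied = {int(n) for n in re.findall(r"^accounting commands (\d+) default$", text, re.M)}
    for lvl in sorted(levels):
        if lvl not in acct:
            findings.append(f"level {lvl}: no aaa accounting commands")
        elif lvl not in applied:
            findings.append(f"level {lvl}: accounting not applied on a line")
    return findings
```

Run it against the output of show running-config saved to a file; a finding for level 10 means commands moved to that level are executed without an accounting record on ACS.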
