01-22-2008 02:17 PM - edited 03-10-2019 03:36 PM
Hi,
I have enabled TACACS+ authentication and authorization for my networking devices.
I can also access these devices through my terminal server (cisco router). Telnet Access to the terminal server itself is authenticated with ACS.
My problem is that after a user logs on to the terminal server, the user is able to logon to other networking devices without having to provide the credentials. How do I make it mandatory for a user to provide TACACS+ credentials for devices connected to the terminal server?
I have enabled AAA for console and VTY access on the terminal server and the devices.
Regards,
Suresh
01-28-2008 11:38 AM
The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) protocols to provide solutions using remote AAA servers.
Based on the user ID and password combination provided, switches perform local authentication or authorization using the local database or remote authentication or authorization using AAA server(s). A preshared secret key provides security for communication between the switch and AAA servers. This secret key can be configured for all AAA servers or for only a specific AAA server. This security mechanism provides a central management capability for AAA servers.
Refer to Configuring RADIUS and TACACS+ for more information.
01-28-2008 12:27 PM
You have to enable AAA on both the Terminal Server TTY line and the networking devices' console port that is connected to the Terminal Server.
CCIE security
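The following configuration is an added illustration of the answer above, not the poster's own config: it shows AAA applied on the terminal server's VTY and async TTY lines and, separately, on the console line of a device whose console is cabled to the terminal server. The TACACS+ server address (192.0.2.10), the async line range (1 to 16) and the shared-secret placeholder are assumptions; substitute your own values.

```cisco
! ===== Terminal server (Cisco router with async lines) =====
aaa new-model
! Assumed TACACS+ server; the key is a placeholder, not a real secret
tacacs-server host 192.0.2.10
tacacs-server key <PLACEHOLDER_SHARED_SECRET>
! Default method lists: TACACS+ first, local database only if the server is unreachable
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
!
! Telnet access to the terminal server itself
line vty 0 4
 login authentication default
!
! Async TTY lines that reach the attached devices via reverse telnet (assumed range 1-16)
line 1 16
 login authentication default
 transport input telnet
 exec-timeout 10 0
!
! ===== Each networking device whose console is wired to the terminal server =====
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <PLACEHOLDER_SHARED_SECRET>
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
!
! Without AAA on con 0 the console EXEC is reachable by anyone who can reach the TTY line
line con 0
 login authentication default
 exec-timeout 10 0
```

The `login authentication default` statement on `line con 0` is the part that forces a fresh TACACS+ login on each device; authenticating only the terminal server's lines controls who can reach the console cable, not who can use the EXEC behind it. The `exec-timeout` on the device console is worth keeping: closing a reverse-telnet session does not by itself log out the console EXEC on the far device, so an idle session left open would otherwise be inherited by the next user who connects to that TTY line.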