
AAA on Terminal Server

sureshkrishnan
Level 1

Hi,

I have enabled TACACS+ authentication and authorization for my networking devices.

I can also access these devices through my terminal server (Cisco router). Telnet access to the terminal server itself is authenticated with ACS.

My problem is that after a user logs on to the terminal server, the user is able to log on to other networking devices without having to provide the credentials. How do I make it mandatory for a user to provide TACACS+ credentials for devices connected to the terminal server?

I have enabled AAA for console and VTY access on the terminal server and the devices.

Regards,

Suresh

2 Replies

jbayuka
Level 5

The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) protocols to provide solutions using remote AAA servers.

Based on the user ID and password combination provided, switches perform local authentication or authorization using the local database or remote authentication or authorization using AAA server(s). A preshared secret key provides security for communication between the switch and AAA servers. This secret key can be configured for all AAA servers or for only a specific AAA server. This security mechanism provides a central management capability for AAA servers.

Refer to Configuring RADIUS and TACACS+ for more information:

http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_2_x/san-os/configuration/guide/cradtac.html

You have to enable AAA on both the Terminal Server TTY line and the networking devices' console port that is connected to the Terminal Server.

CCIE security
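One way to check the advice in the last reply, as an added example that is not part of the original thread: a Python audit that reads an IOS-style configuration and reports, for every `line` block (console, async TTY, VTY), which login method list is in effect and whether it enforces TACACS+. The function name `audit_login`, the sample configuration and the list name `NOAUTH` are constructed for illustration; the check assumes the built-in `group tacacs+` method and does not resolve named server groups.

```python
import re

# Constructed sample: a terminal server whose async TTY lines skip AAA.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NOAUTH none
line con 0
line 1 16
 login authentication NOAUTH
line vty 0 4
 login authentication default
"""

def audit_login(config):
    """Map each 'line ...' block to a finding on its login method list."""
    aaa_enabled = False
    method_lists = {}   # list name -> methods, e.g. ['group', 'tacacs+', 'local']
    line_blocks = {}    # 'line con 0' -> explicitly applied list name or None
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):          # a top-level command ends a line block
            current = text if text.startswith("line ") else None
            if current:
                line_blocks[current] = None
        if text == "aaa new-model":
            aaa_enabled = True
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
        m = re.match(r"login authentication (\S+)", text)
        if m and current:
            line_blocks[current] = m.group(1)
    findings = {}
    for block, applied in line_blocks.items():
        name = applied or "default"          # 'default' applies when no list is named
        methods = method_lists.get(name)
        if not aaa_enabled:
            findings[block] = "FAIL: aaa new-model not configured"
        elif methods is None:
            findings[block] = f"FAIL: method list '{name}' is not defined"
        elif "none" in methods:
            findings[block] = f"FAIL: list '{name}' allows login without credentials"
        elif "tacacs+" not in methods:
            findings[block] = f"FAIL: list '{name}' does not use TACACS+"
        else:
            findings[block] = f"OK: list '{name}'"
    return findings
```

Run it against the saved configuration of the terminal server and of each device wired to it; any `FAIL` on `line con 0` or on the async TTY range marks a path that does not ask for TACACS+ credentials.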