I have enabled TACACS+ authentication and authorization for my networking devices.
I can also access these devices through my terminal server (Cisco router). Telnet access to the terminal server itself is authenticated with ACS.
My problem is that after a user logs on to the terminal server, the user is able to log on to other networking devices without having to provide the credentials. How do I make it mandatory for a user to provide TACACS+ credentials for devices connected to the terminal server?
I have enabled AAA for console and VTY access on the terminal server and the devices.
The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) protocols to provide solutions using remote AAA servers.
Based on the user ID and password combination provided, switches perform local authentication or authorization using the local database, or remote authentication or authorization using AAA server(s). A preshared secret key provides security for communication between the switch and AAA servers. This secret key can be configured for all AAA servers or for only a specific AAA server. This security mechanism provides a central management capability for AAA servers.
Refer to Configuring RADIUS and TACACS+ for more information.
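As an added illustration of the AAA setup the answer describes (remote TACACS+ authentication and authorization with the local database as fallback, and a preshared secret defined either globally or per server), the IOS configuration below is not part of the original post or of the Cisco documentation quoted above. It assumes a single TACACS+ server at 192.0.2.10, placeholder secrets, and a terminal server with sixteen async lines (line 1 16); the server name, group name, address, line range and secrets are constructed for the example, not taken from the page.

```cisco
! Constructed example: names, addresses and secrets are placeholders
aaa new-model
!
! Global preshared secret, used by any TACACS+ server that does not
! define its own key
tacacs-server key GLOBAL-SECRET-PLACEHOLDER
!
! Server definition with a per-server key, which overrides the global one
tacacs server ACS-PRIMARY
 address ipv4 192.0.2.10
 key SERVER-SECRET-PLACEHOLDER
!
aaa group server tacacs+ ACS-GROUP
 server name ACS-PRIMARY
!
! Remote authentication/authorization first; the local database is
! consulted only when the servers are unreachable, not when they
! reject the user
aaa authentication login default group ACS-GROUP local
aaa authorization exec default group ACS-GROUP local
aaa accounting exec default start-stop group ACS-GROUP
!
! Local fallback account for the case where no server answers
username admin privilege 15 secret LOCAL-FALLBACK-PLACEHOLDER
!
! Apply the method lists explicitly on every line type: the console,
! the async (tty) lines the terminal server uses for its attached
! devices, and the VTYs
line con 0
 login authentication default
 authorization exec default
line 1 16
 login authentication default
 authorization exec default
line vty 0 4
 login authentication default
 authorization exec default
```

Two caveats worth checking on the device: `show tacacs` confirms which server and key the router is actually using, and `debug aaa authentication` shows which method list a given line consulted when a session was opened. Because the `local` method is only reached when every server in the group fails to respond, a server that is reachable but rejects the user will not fall through to the local account.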