We are planning to implement Cisco Secure ACS for authentication, authorization and accounting for devices on our network. First I searched the Cisco documentation and I found a lot of information about installation and configuration of ACS on Windows, but did not find any example of configuring Cisco devices to implement AAA on these devices.
Yes, yes, and yes. Controlling through vty will be your telnet sessions, which is the access method you will most likely use to authenticate to your devices. If you want strong security I would recommend using SSH, but telnet will be just fine. Once you set this all up the first time it will all seem clear.
First, what you need to do is set up a group on your domain controller where Active Directory is installed and create a new group. Put the users who will be able to access the network devices in the group. After you have installed ACS, what you do is map, using an external database, to the Windows Server Active Directory group you created. You will need to install the remote agent on the domain controller or the server where your Active Directory is installed. There is a bit more configuration of the ACS server for the network devices. Check out this link: http://www.cisco.com/application/pdf/en/us/guest/products/ps407/c1629/ccmigration_09186a00801085d0.pdf
On the routers and switches you will need to use the configuration below. This is for TACACS authentication. If you have an ACS this is probably the way you want to go.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
You could always hire me for a small fee to help you with the configuration. ;-)
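An added example, not part of the original posts: a small Python check that audits an IOS running-config for the pieces the AAA method lists above depend on (AAA enabled, a TACACS+ server defined, a local account behind the `local` fallback, and the vty transport). The function name `audit_aaa`, the server address 192.0.2.10, the account name and both secrets are constructed placeholders.

```python
import re

# Constructed sample running-config: the thread's AAA lines plus the
# supporting commands they depend on (address and secrets are placeholders).
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host 192.0.2.10 key EXAMPLE-SHARED-SECRET
username localadmin privilege 15 secret EXAMPLE-LOCAL-SECRET
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line vty 0 4
 transport input ssh
"""

def audit_aaa(config: str) -> list[str]:
    """Return findings for a TACACS+ AAA setup; an empty list means none found."""
    lines = [l.rstrip() for l in config.splitlines()]
    def has(pattern: str) -> bool:
        return any(re.match(pattern, l) for l in lines)
    findings = []
    if not has(r"aaa new-model$"):
        findings.append("aaa new-model missing: AAA is not enabled")
    if not has(r"tacacs-server host \S+") and not has(r"tacacs server \S+"):
        findings.append("no TACACS+ server defined")
    # The 'local' fallback only helps if a local account actually exists.
    uses_local = has(r"aaa authentication login \S+ .*\blocal\b")
    if uses_local and not has(r"username \S+ "):
        findings.append("login falls back to local but no local username exists")
    if not uses_local and has(r"aaa authentication login "):
        findings.append("no local fallback: lockout if ACS is unreachable")
    # Walk each 'line vty' block and flag an explicit telnet/all transport.
    in_vty = False
    for l in lines:
        if not l.startswith(" "):
            in_vty = l.startswith("line vty")
        elif in_vty and re.match(r" transport input .*\b(telnet|all)\b", l):
            findings.append("vty allows telnet: credentials cross the network in clear text")
    return findings
```

Run it against the output of `show running-config` saved to a file; the check only flags an explicit `transport input` line and does not infer platform defaults.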