
Reg: Configuration of AAA using TACACS+

cisco.anubhav
Level 1

Hi,

I am Anubhav. I'm new to the TACACS+ server and am trying to implement AAA authentication using the Cisco TACACS+ server, for which I've decided on the following AAA commands. A fallback user, user1, has been configured on the router to be authenticated.

aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 1 NO_AUTHOR none
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 NO_AUTHOR none
aaa authorization network serial none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+

aaa session-id common: purpose of this line?

Kindly check whether it's OK and that I won't get locked out. The ACS server has been defined on the router. Kindly guide us on the steps to configure the user, group and privilege level on TACACS.

Thanks.
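
Added example, not part of the original post or any reply: a small Python check for the lockout concern raised above. It flags method lists with no fallback after a server group, a local fallback with no local username, and named lists (such as NO_AUTHEN and NO_AUTHOR) that are never applied under a line. The "aaa new-model", "username" and "line" stanzas in the sample are assumptions, since the post does not show them.

```python
import re

# Constructed sample: AAA lines taken from the question, plus assumed
# "aaa new-model", username and line stanzas that the post does not show.
SAMPLE = """\
aaa new-model
username user1 secret EXAMPLE-ONLY
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 NO_AUTHOR none
line con 0
 login authentication NO_AUTHEN
line vty 0 4
 transport input ssh
"""

KIND = r"(authentication login|authorization (?:exec|commands \d+))"
LIST_RE = re.compile(rf"^aaa {KIND} (\S+) (.+)$")
APPLY_RE = re.compile(r"^\s+(login authentication|authorization (?:exec|commands \d+)) (\S+)$")

def audit(config):
    """Return lockout-related findings for IOS AAA configuration text."""
    lines = [l.rstrip() for l in config.splitlines()]
    lists, applied, findings = {}, set(), []
    for l in lines:
        if m := LIST_RE.match(l):
            lists[(m.group(1), m.group(2))] = m.group(3).split()
        elif m := APPLY_RE.match(l):
            kind = m.group(1).replace("login authentication", "authentication login")
            applied.add((kind, m.group(2)))
    has_local_user = any(l.startswith("username ") for l in lines)
    for (kind, name), methods in lists.items():
        # A list ending in a server group has nothing to try when no server answers.
        if len(methods) >= 2 and methods[-2] == "group":
            findings.append(f"{kind} {name}: no fallback after server group")
        if "local" in methods and not has_local_user:
            findings.append(f"{kind} {name}: 'local' fallback but no username defined")
        # Named lists do nothing until referenced under a line (con/vty/aux).
        if name != "default" and (kind, name) not in applied:
            findings.append(f"{kind} {name}: defined but not applied to any line")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, only the two NO_AUTHOR lists are reported, because nothing under the assumed line stanzas references them.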


You can view the documentation on this command at the following URL:

http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_a1g.html#wp1073858

Anubhav,


In order to configure different kinds of privilege levels, you may visit the document listed below:


ACS Shell Command Authorization Sets on IOS

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#backinfo

Regds,

JK


Do rate helpful posts-

~Jatin

Hi,

As I've written in my previous post, I've configured the acs-server host and key on the router. I've created a user named test 1 on ACS and added the router through Add AAA Client, with Secure as the shared key. I must mention that I am using a Cisco 3845 router connected on my LAN for testing ACS, and I have access to it through the console as well. What else should I do on ACS 4.2 to get it authenticated by the TACACS server? Also, if I have more routers to add, could I create a group in the same way and add AAA clients? Kindly suggest whether my approach is correct. Will there be separate users for each AAA client, or can the same user be used for all AAA clients for authentication through ACS if they are assigned to the same group or if they are in the Default group?

Also, how do I implement policies on a group (say: security)? Is there any screenshot tutorial available for the same?

Thanks,

Hi,

This is the user guide that should help you:

http://cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/acsuserguide.html

The router has to be configured to "talk" to the ACS.

The router has to be an AAA client and the ACS an AAA server (both sharing the same secret key).

You can also create groups and policies for the same devices. Hope the above link will help you.

Federico.