Cisco Docs: Securing User Services Configuration>Authentication Authorization and Accounting
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/12-4t/sec-cfg-authentifcn.html
This is pretty straight forward, because on CCIE R&S exam you wont have to configure an actual ACS server. For starters be sure that the "aaa new-model" is configured.
Turn the TACACS+ authentication ON, and set LOCAL DB as backup:
(config)#aaa authentication login MYTACACS group tacacs+ local enable
*MYTACACS is the authentication policy. If you put "default" instead of specifying the policy, there is no need to assign the policy to VTY line later, it's a default policy on a device, from where ever you try to authenticate. In case you have a default policy, you need to ALSO define a NO_AUTH policy to apply where you dont want TACACS, like AUX and CONSOLE ports maybe.
Define the TACACS+ as a server, and set the Shared Secret:
(config)#tacacs-server host 10.1.1.10 key cisco
Define the source interface from which you will authenticate:
(config)#ip tacacs source-interface Loopback0
Apply the authentication settings to the VTY line:
(config-line)#login authentication MYTACACS
Test the access USERNAME/PASSWORD via TACACS:
#test aaa group tacacs+ USERNAME PASSWORD legacy
Most Popular Posts
-
Before we start, lets once again make sure we fully understand what Bridge Domain is. The bridge domain can be compared to a giant distribut... -
Ever since Cisco bought Insieme and created Cisco ACI, and VMware bought Nicira and created NSX, I've been intensively deep-diving and b...
-
[In collaboration with the guest blogger, Marc Espinosa ] Let's start with the messaging protocols, MQTT and CoAP, and consider which ... -
By know you should know the following facts about ACI: Cisco Nexus 9k Switches make the ACI Fabric, which is the Control and the Data pla... -
Get ready to have your mind blown. One of the easiest procedures I've encountered. You just need to follow these 3 steps, to migrate the...
-
The VM-Series firewall for VMware NSX is jointly developed by Palo Alto Networks and VMware. NetX APIs are used to integrate the Palo Alto N...
-
First time we “unpack” ACI, we will find a certain number of potential Spine and potential Leaf switches, and hopefully 3 (or 5) APIC Contro...
-
Google has made their Cloud Platform (GCP) so that you can host your application any way your business requires. When we talk about the ... -
Narbik Topology for web-iou Disclaimer: I DON’T OWN NOR HAVE AN ACCESS TO THE TOPOLOGY, INITIAL CONFIGS, IOU/IOL BINARIES OR ANY OTHER ... -
Before I get into the Python for NX-OS, let me explain a few concepts that I've seen Network Engineers have been struggling with. Dev...
No comments:
Post a Comment