Cisco Docs: Securing User Services Configuration > Authentication, Authorization, and Accounting
This is pretty straightforward, because on the CCIE R&S exam you won't have to configure an actual ACS server. For starters, be sure that "aaa new-model" is configured.
Turn TACACS+ authentication on, and set the local database as backup (the command below also lists the enable password as the last method):
(config)#aaa authentication login MYTACACS group tacacs+ local enable
*MYTACACS is the name of the authentication policy. If you use "default" instead of a named policy, there is no need to assign the policy to the VTY line later: it is the default policy on the device, wherever you try to authenticate from. If you use the default policy, you ALSO need to define a NO_AUTH policy and apply it where you don't want TACACS, such as the AUX and CONSOLE ports.
Define the TACACS+ server and set the shared secret:
(config)#tacacs-server host 10.1.1.10 key cisco
Define the source interface from which you will authenticate:
(config)#ip tacacs source-interface Loopback0
Apply the authentication settings to the VTY line:
(config-line)#login authentication MYTACACS
Test access for USERNAME/PASSWORD via TACACS+:
#test aaa group tacacs+ USERNAME PASSWORD legacy
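The "default" policy variant described in the note above, written out as a complete configuration. This is an added example, not part of the original post; the server address, key and source interface are the ones used above, while the NO_AUTH list contents and the LOCALADMIN/LOCALPASSWORD user are constructed placeholders.

```cisco
! Added example: "default" method list plus a NO_AUTH list for CON/AUX.
aaa new-model
!
! Local user so the "local" fallback has something to check against
! (constructed placeholder credentials).
username LOCALADMIN secret LOCALPASSWORD
!
! "default" applies to every line that has no explicit list assigned:
! try TACACS+ first, then the local database, then the enable password.
aaa authentication login default group tacacs+ local enable
!
! Named list for lines that should not use TACACS+.
! "none" means no authentication is performed on those lines.
aaa authentication login NO_AUTH none
!
tacacs-server host 10.1.1.10 key cisco
ip tacacs source-interface Loopback0
!
line con 0
 login authentication NO_AUTH
line aux 0
 login authentication NO_AUTH
!
! No "login authentication" needed on the VTY lines:
! they pick up the default list automatically.
line vty 0 4
 transport input ssh
```

With "none" the console and AUX ports accept a login without any credentials, which is convenient in a lab; defining the list as "aaa authentication login NO_AUTH local" instead keeps those ports off TACACS+ while still requiring a local username and password.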