
AAA TACACS - Part2











1. TACACS - Cisco NEXUS - UDEMY
NXOS(config)# feature tacacs+

NXOS(config)# tacacs-server host 192.168.100.210 key Test123
NXOS(config)# tacacs-server host 192.168.100.220 key Test123
NXOS(config)# aaa group server tacacs+ MY_TACACS
NXOS(config-tacacs+)# server 192.168.100.210
NXOS(config-tacacs+)# server 192.168.100.220
NXOS(config-tacacs+)# deadtime 10
NXOS(config-tacacs+)# use-vrf default
NXOS(config-tacacs+)# source-interface Ethernet1/1
NXOS(config-tacacs+)# exit

NXOS(config)# aaa authentication login console local
NXOS(config)# aaa authentication login default group MY_TACACS local
NXOS(config)# aaa authorization commands default group MY_TACACS local
NXOS(config)# aaa authentication login error-enable
NXOS(config)# aaa authentication login ascii-authentication

2. TACACS - Cisco IOS - UDEMY

SW2(config)#aaa new-model
SW2(config)#tacacs server ISE1
SW2(config-server-tacacs)#address ipv4 192.168.100.210
SW2(config-server-tacacs)#key Test123

SW2(config)#aaa authentication login default group tacacs+ local
SW2(config)#aaa authentication enable default group tacacs+ enable
SW2(config)#aaa authorization exec default group tacacs+ local
SW2(config)#aaa authorization commands 0 default group tacacs+ local
SW2(config)#aaa authorization commands 1 default group tacacs+ local
SW2(config)#aaa authorization commands 15 default group tacacs+ local
SW2(config)#aaa authorization config-commands
SW2(config)#aaa accounting exec default start-stop group tacacs+
SW2(config)#aaa accounting commands 0 default start-stop group tacacs+
SW2(config)#aaa accounting commands 1 default start-stop group tacacs+
SW2(config)#aaa accounting commands 15 default start-stop group tacacs+
SW2(config)#aaa accounting connection default start-stop group tacacs+

SW2(config)#line vty 0 4
SW2(config-line)#authorization commands 0 default
SW2(config-line)#authorization commands 1 default
SW2(config-line)#authorization commands 15 default
SW2(config-line)#authorization exec default
SW2(config-line)#login authentication default
SW2(config-line)#accounting exec default
SW2(config-line)#accounting commands 0 default
SW2(config-line)#accounting commands 1 default
SW2(config-line)#accounting commands 15 default
SW2(config-line)#accounting connection default
--------- 
------------Cisco Nexus DONE-------
feature tacacs+
tacacs-server host 10.87.10.100 key Test123
aaa group server tacacs+ ISE1
 server 10.87.10.100
 use-vrf management
ip tacacs source-interface mgmt0
!
aaa authentication login error-enable
aaa authentication login ascii-authentication
!
aaa accounting default group ISE1
!
aaa authentication login console local
aaa authentication login default group ISE1 local
aaa authorization commands default group ISE1 local

-----------Cisco IOS-Switch DONE-----------
aaa new-model
!
aaa group server tacacs+ ISE1
 server name WTC_ACS
!
tacacs server WTC_ACS
 address ipv4 10.87.10.100
 key Test123
ip tacacs source-interface Loopback0
!
aaa authentication login default group ISE1 local
aaa authentication enable default group ISE1 enable
!
aaa accounting update newinfo
aaa accounting exec default start-stop group ISE1
aaa accounting commands 0 default start-stop group ISE1
aaa accounting commands 1 default start-stop group ISE1
aaa accounting commands 15 default start-stop group ISE1
aaa session-id common
!
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group ISE1 local if-authenticated
aaa authorization commands 0 default group ISE1 local if-authenticated
aaa authorization commands 1 default group ISE1 local if-authenticated
aaa authorization commands 15 default group ISE1 local if-authenticated

line vty 0 4
 exec-timeout 5 0
 ! ISE1 is the server group, not a login method list; the list defined above is "default"
 login authentication default
 transport input ssh
 transport output all
  
-----------Cisco IOS-Router DONE-----------
aaa new-model
!
!
aaa group server tacacs+ ISE1
 server name WTC_ACS
!
tacacs server WTC_ACS
 address ipv4 10.87.10.100
 key Test123
!
exit
aaa authentication login default group tacacs+ local-case
aaa authentication login VTY group ISE1 local-case
aaa authentication login CONSOLE local-case

aaa accounting exec default start-stop group ISE1
aaa accounting commands 15 default start-stop group ISE1
aaa accounting network default start-stop group ISE1
aaa accounting connection default start-stop group ISE1
aaa accounting system default start-stop group ISE1
!
aaa authentication enable default enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization exec VTY group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa authorization commands 15 VTY group tacacs+ if-authenticated
aaa session-id common
!
ip tacacs source-interface Loopback0
!
line vty 0 4
 exec-timeout 5 0
 login authentication VTY
 transport input ssh
 transport output all
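
Added example (not part of the original post): a Python check that every `login authentication`, `authorization` or `accounting` statement under a `line` block names a method list that a global `aaa ...` command actually defines, since a server group name such as ISE1 is not a method list. The sample configuration is constructed, and the function name `undefined_method_lists` is hypothetical.

```python
import re

# Constructed sample in the style of the IOS configs above (not from a real device).
SAMPLE = """\
aaa new-model
aaa group server tacacs+ ISE1
 server name WTC_ACS
aaa authentication login default group ISE1 local
aaa authentication login VTY group ISE1 local-case
aaa authorization exec VTY group tacacs+ if-authenticated
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication VTY
 authorization exec VTY
line vty 5 15
 login authentication ISE1
"""

# Global definition: "aaa <service> <list-name> <method> ..."
DEFINE = re.compile(
    r"^aaa (authentication login|(?:authorization|accounting) exec"
    r"|(?:authorization|accounting) commands \d+) (\S+) \S")
# Reference inside a "line ..." block: "<service> <list-name>"
REFER = re.compile(
    r"^(login authentication|(?:authorization|accounting) exec"
    r"|(?:authorization|accounting) commands \d+) (\S+)$")

def undefined_method_lists(config):
    """Return (line_block, service, list_name) for every reference under a
    'line' block to a method list that no global 'aaa ...' command defines."""
    defined, refs, block = set(), [], None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):              # top-level command
            block = text if text.startswith("line ") else None
            m = DEFINE.match(text)
            if m:
                defined.add((m.group(1), m.group(2)))
        elif block and (m := REFER.match(text)):
            service = m.group(1).replace("login authentication", "authentication login")
            refs.append((block, service, m.group(2)))
    # "default" is the implicit list on every line, so it is never reported
    return [r for r in refs if r[2] != "default" and (r[1], r[2]) not in defined]

if __name__ == "__main__":
    for block, service, name in undefined_method_lists(SAMPLE):
        print(f"{block}: '{service}' list '{name}' is not defined")
```
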
