
AAA TACACS - Part1


























Konfigurasi Switch SW-IOS-01

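! Base configuration for the IOS lab switch: local admin account, Loopback0 as
! the management address, access ports in VLAN 10 / VLAN 100, the two SVIs,
! OSPF area 0 and SSH access on the vty lines.
hostname SW-IOS-01
!
! Local privilege-15 account for "login local" on the vty lines below.
! "secret" stores a hash in the configuration, whereas "password" leaves the
! string readable to anyone who can view the config. "cisco" is a lab value:
! replace it with a strong secret anywhere outside an isolated lab.
username admin privilege 15 secret cisco
! A domain name is required before the RSA key pair can be generated.
ip domain-name training.lab
!
! Management loopback, advertised into OSPF area 0.
interface Loopback0
 description IP MGMT
 ip address 172.16.10.1 255.255.255.255
 ip ospf 1 area 0
 exit
!
interface Ethernet0/0
 switchport access vlan 10
 switchport mode access
 exit
!
interface Ethernet0/3
 switchport access vlan 10
 ! Fixed typo: "accessno" is not a valid switchport mode keyword.
 switchport mode access
 exit
!
interface Ethernet0/1
 switchport access vlan 100
 switchport mode access
 exit
!
interface Ethernet1/0
 switchport mode access
 switchport access vlan 100
!
! Gateway for VLAN 10.
interface Vlan10
 no shut
 description Gateway Vlan_10
 ip address 192.168.10.1 255.255.255.0
 ip ospf 1 area 0
 exit
!
! /29 toward the NX-OS switch management interface.
interface Vlan100
 no shut
 ip address 10.1.1.1 255.255.255.248
 ip ospf 1 area 0
 exit
!
router ospf 1
exit
!
! Remote management over SSH only: Telnet would carry the login password,
! including passwords later checked against the AAA server, in clear text.
line vty 0 4
  transport input ssh
  login local
  exit
  !
! 2048-bit RSA host key for SSH; 1024-bit keys are no longer considered adequate.
crypto key generate rsa modulus 2048
ip ssh version 2
!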

Konfigurasi Switch SW-NXOS-01

! Base setup for the NX-OS lab switch: hostname, a local admin account, vty
! limits, OSPF on Loopback0, and mgmt0 placed in the management VRF.
switch# conf t
switch(config)# hostname SW-NXOS-01
! Local network-admin account. Admin1234 is a lab value; this account is what
! the "local" method in the AAA lists further down the page authenticates against.
SW-NXOS-01(config)# username admin1 role network-admin password Admin1234

! vty limits: at most 50 concurrent sessions, exec-timeout set to 10.
SW-NXOS-01(config)# line vty
SW-NXOS-01(config-line)# session-limit 50
SW-NXOS-01(config-line)# exec-timeout 10
SW-NXOS-01(config-line)# ex
!
! OSPF process 1 with the loopback address as router-id.
SW-NXOS-01(config)# feature ospf
SW-NXOS-01(config)# router ospf 1
SW-NXOS-01(config-router)# router-id 172.16.10.2
SW-NXOS-01(config-router)# ex
!
! NOTE(review): Loopback0 is the only interface placed in OSPF in this listing,
! and mgmt0 sits in the management VRF, so no OSPF-enabled link toward
! SW-IOS-01 is visible here. Confirm how 172.16.10.2 is meant to be advertised.
SW-NXOS-01(config)# interface lo0
SW-NXOS-01(config-if)# ip address 172.16.10.2 255.255.255.255
SW-NXOS-01(config-if)# ip router ospf 1 area 0
SW-NXOS-01(config-if)# exit
!
! Management VRF default route via 10.1.1.1, the Vlan100 address on SW-IOS-01.
SW-NXOS-01(config)# vrf context management
SW-NXOS-01(config-vrf)# ip route 0.0.0.0/0 10.1.1.1
SW-NXOS-01(config-vrf)# exit
!
! mgmt0 is the out-of-band interface in the management VRF; the TACACS+ server
! group later on the page reaches the AAA server through this VRF.
SW-NXOS-01(config)# int mgmt 0
SW-NXOS-01(config-if)# vrf member management
SW-NXOS-01(config-if)# ip add 10.1.1.2 255.255.255.248
SW-NXOS-01(config-if)#

====== Config TACACS+ SWITCH IOS ==========
! TACACS+ AAA for the IOS switch. Statement order matters: authentication and
! accounting are applied first and authorization last, so a mistake in the
! server definition is noticed before command authorization can lock the
! session out. Keep an existing privileged session open until a TACACS+ login
! and at least one authorized command have been verified.
aaa new-model
! Server group ISE1 holds the single server entry TRAINING.
aaa group server tacacs+ ISE1
 server name TRAINING
!
! NOTE(review): Test123 is a short lab key and is entered in clear text. The
! shared key is the only protection TACACS+ gives the session body, so use a
! long random key (identical on the server side) and keep this traffic on a
! management network.
tacacs server TRAINING
 address ipv4 192.168.10.200
 key Test123
! Source TACACS+ packets from Loopback0 (172.16.10.1) so the server sees one
! stable device address. NOTE(review): this looks like a global command rather
! than a "tacacs server" sub-command; confirm where it lands in the running config.
 ip tacacs source-interface Loopback0
!
! Login: ask group ISE1 first, then the local user database. The next method
! is tried only when the previous one returns an error (server unreachable),
! not when it rejects the login.
aaa authentication login default group ISE1 local
! NOTE(review): the fallback here is the enable password, but the base
! configuration on this page sets no enable secret; confirm one exists.
aaa authentication enable default group ISE1 enable
!
! Accounting: start-stop records for exec sessions and for commands at
! privilege levels 0, 1 and 15, all sent to ISE1 only (no fallback method).
aaa accounting update newinfo
aaa accounting exec default start-stop group ISE1
aaa accounting commands 0 default start-stop group ISE1
aaa accounting commands 1 default start-stop group ISE1
aaa accounting commands 15 default start-stop group ISE1
!
! Authorization also applies to the console and to configuration-mode commands.
! NOTE(review): "if-authenticated" as the last method authorizes any user who
! has already authenticated once the earlier methods return an error; confirm
! that this fail-open behaviour is intended.
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group ISE1 local if-authenticated
aaa authorization commands 0 default group ISE1 local if-authenticated
aaa authorization commands 1 default group ISE1 local if-authenticated
aaa authorization commands 15 default group ISE1 local if-authenticated
!
END

====== Config TACACS+ SWITCH NEXUS==========
Versi : PNETLab

! TACACS+ AAA for the NX-OS switch; the feature must be enabled before any
! tacacs-server command is accepted.
feature tacacs+
! NOTE(review): Test123 is a short lab key. It must match the server side and
! should be a long random value anywhere outside an isolated lab.
tacacs-server host 192.168.10.200 key Test123
! Server group ISE1, reached through the management VRF (mgmt0).
aaa group server tacacs+ ISE1
 server 192.168.10.200
 use-vrf management
! NOTE(review): "ip tacacs source-interface" looks like the global form of this
! command; confirm it is accepted at this point and shows up in the running config.
 ip tacacs source-interface mgmt0
 !
! error-enable: presumably surfaces login error/fallback messages to the user; verify on the platform.
aaa authentication login error-enable
! ascii-authentication: use the ASCII authentication type for TACACS+ logins.
aaa authentication login ascii-authentication
! Console authenticates against the local database only, which keeps an access
! path when the AAA server is unreachable or misconfigured.
aaa authentication login console local
! All other logins: group ISE1 first, then the local database.
aaa authentication login default group ISE1 local
!
! Accounting records go to ISE1 only.
aaa accounting default group ISE1
!
! Command authorization via ISE1, then local role-based authorization.
! NOTE(review): on NX-OS, configuration-mode commands use a separate
! "aaa authorization config-commands" list, which is not configured here;
! confirm whether config commands should be authorized by the server as well.
aaa authorization commands default group ISE1 local
!




