Cisco NXOS | Basic Configure and TACACS+
Basic Configurasi Switch NXOS dan TCACAS+
Versi : PNETLab
switch# conf t
SW2(config)# hostname NXOS-SW2
NXOS-SW2(config)# username admin1 role network-admin password Admin1234
NXOS-SW2(config)# line vty
NXOS-SW2(config-line)# session-limit 50
NXOS-SW2(config-line)# exec-timeout 10
NXOS-SW2(config-line)# ex
!
NXOS-SW2(config)# feature ospf
NXOS-SW2(config)# router ospf 1
NXOS-SW2(config-router)# router-id 172.16.10.2
NXOS-SW2(config-router)# ex
!
NXOS-SW2(config)# interface lo0
NXOS-SW2(config-if)# ip address 172.16.10.2 255.255.255.255
NXOS-SW2(config-if)# ip router ospf 1 area 0
NXOS-SW2(config-if)# exit
!
NXOS-SW2(config)# vrf context management
NXOS-SW2(config-vrf)# ip route 0.0.0.0/0 10.1.1.1
NXOS-SW2(config-vrf)# exit
!
NXOS-SW2(config)# int mgmt 0
NXOS-SW2(config-if)# vrf member management
NXOS-SW2(config-if)# ip add 10.1.1.2 255.255.255.248
NXOS-SW2(config-if)#
SW2(config)# hostname NXOS-SW2
NXOS-SW2(config)# username admin1 role network-admin password Admin1234
NXOS-SW2(config)# line vty
NXOS-SW2(config-line)# session-limit 50
NXOS-SW2(config-line)# exec-timeout 10
NXOS-SW2(config-line)# ex
!
NXOS-SW2(config)# feature ospf
NXOS-SW2(config)# router ospf 1
NXOS-SW2(config-router)# router-id 172.16.10.2
NXOS-SW2(config-router)# ex
!
NXOS-SW2(config)# interface lo0
NXOS-SW2(config-if)# ip address 172.16.10.2 255.255.255.255
NXOS-SW2(config-if)# ip router ospf 1 area 0
NXOS-SW2(config-if)# exit
!
NXOS-SW2(config)# vrf context management
NXOS-SW2(config-vrf)# ip route 0.0.0.0/0 10.1.1.1
NXOS-SW2(config-vrf)# exit
!
NXOS-SW2(config)# int mgmt 0
NXOS-SW2(config-if)# vrf member management
NXOS-SW2(config-if)# ip add 10.1.1.2 255.255.255.248
NXOS-SW2(config-if)#
----------------------CONFIGURE TACACS+ -------------
Switch NEXUS SWITH
Versi : PNETLab
feature tacacs+
tacacs-server host 192.168.10.200 key Test123
aaa group server tacacs+ ISE1
server 192.168.10.200
use-vrf management
ip tacacs source-interface mgmt0
!
aaa authentication login error-enable
aaa authentication login ascii-authentication
aaa authentication login console local
aaa authentication login default group ISE1 local
!
aaa accounting default group ISE1
!
aaa authorization commands default group ISE1 local
!
tacacs-server host 192.168.10.200 key Test123
aaa group server tacacs+ ISE1
server 192.168.10.200
use-vrf management
ip tacacs source-interface mgmt0
!
aaa authentication login error-enable
aaa authentication login ascii-authentication
aaa authentication login console local
aaa authentication login default group ISE1 local
!
aaa accounting default group ISE1
!
aaa authorization commands default group ISE1 local
!
---- ATAU BISA JG PAKE COMMAND DIBAWAH INI ---------
feature tacacs+
!
tacacs-server host 192.168.10.200 key Test123
aaa group server tacacs+ ISE1
server 192.168.10.200
use-vrf management
ip tacacs source-interface mgmt0
!
tacacs-server host 192.168.10.200 key Test123
aaa group server tacacs+ ISE1
server 192.168.10.200
use-vrf management
ip tacacs source-interface mgmt0
!
aaa authentication login error-enable
aaa authentication login default group ISE1
!
aaa accounting default group ISE1
!
aaa authorization commands default group ISE1 local
!
Switch IOS Catalyst
Versi : PNETLab
aaa authentication login default group ISE1
!
aaa accounting default group ISE1
!
aaa authorization commands default group ISE1 local
!
Switch IOS Catalyst
Versi : PNETLab
aaa new-model
!
aaa group server tacacs+ ISE1
server name WTC_ACS
!
tacacs server WTC_ACS
address ipv4 192.168.10.200
key Test123
ip tacacs source-interface Loopback0
!
aaa authentication login default group ISE1 local
aaa authentication enable default group ISE1 enable
!
aaa accounting update newinfo
aaa accounting exec default start-stop group ISE1
aaa accounting commands 0 default start-stop group ISE1
aaa accounting commands 1 default start-stop group ISE1
aaa accounting commands 15 default start-stop group ISE1
aaa session-id common
!
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group ISE1 local if-authenticated
aaa authorization commands 0 default group ISE1 local if-authenticated
aaa authorization commands 1 default group ISE1 local if-authenticated
aaa authorization commands 15 default group ISE1 local if-authenticated
Switch Nexus N9K
Versi : Real Device
!
aaa group server tacacs+ ISE1
server name WTC_ACS
!
tacacs server WTC_ACS
address ipv4 192.168.10.200
key Test123
ip tacacs source-interface Loopback0
!
aaa authentication login default group ISE1 local
aaa authentication enable default group ISE1 enable
!
aaa accounting update newinfo
aaa accounting exec default start-stop group ISE1
aaa accounting commands 0 default start-stop group ISE1
aaa accounting commands 1 default start-stop group ISE1
aaa accounting commands 15 default start-stop group ISE1
aaa session-id common
!
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group ISE1 local if-authenticated
aaa authorization commands 0 default group ISE1 local if-authenticated
aaa authorization commands 1 default group ISE1 local if-authenticated
aaa authorization commands 15 default group ISE1 local if-authenticated
Switch Nexus N9K
Versi : Real Device
| feature tacacs+ |
| tacacs-server host 10.1.50.40 key batam@2022 |
| aaa group server tacacs+ PUSAT |
| server 10.28.50.44 |
| use-vrf management |
| ip tacacs source-interface mgmt0 |
| ! |
| aaa authentication login error-enable |
| aaa authentication login default group PUSAT |
| ! |
| aaa accounting default group PUSAT |
| ! |
| aaa authorization commands default group PUSAT local |
| ! |
&&&&&&&&& SELESAI &&&&&&&&&&
Posting Komentar untuk "Cisco NXOS | Basic Configure and TACACS+"