TACACS+ Configuration Linux Server Cisco IOS |Part 1/3|Authentication| enable password command sets

NetworkEvolution
This video series demonstrates how to install and configure a TACACS+ server from the beginning, for authentication, authorization and accounting with Cisco IOS devices.
The first video covers how to add a TACACS+ client on the server, configure the shared secret for encrypting the traffic, and add users and user groups on the TACACS+ server.
It also configures the enable password in TACACS+ and tests enable passwords from the local device configuration and from the TACACS+ server.

The second video covers TACACS+ authorization.
It creates users with privilege levels 0, 1 and 15, checks the users' default command permissions, configures permissions for the command set, and tests each user's privilege with commands.

The third video covers accounting. It verifies the TACACS+ log using "tail -f", checks the real-time logs by executing commands at different privilege levels, and checks the authorization debug output on the console for different user levels.

Below are the configurations in Cisco IOS and TACACS+ Server

sudo apt-get install tacacs+
sudo service tacacs_plus stop
sudo vi /etc/tacacs+/tac_plus.conf

netstat -na | grep -i LISTEN

Step 01
-----------------
key = cisco
host = 10.10.10.10 {
       prompt = "Welcome to R1 \n\nUsername:"
}
#####################################################
user = t1 {
   member = NETADMIN
   enable = cleartext t1
   login = cleartext t1
}

group = NETADMIN {
   default service = permit
   service = exec {
     priv-lvl = 15
   }
}
######################################################

aaa new-model
tacacs-server host 10.10.10.10
tacacs-server key cisco
------------------------------------------------
logging console
debug aaa authorization

############################################
Only authentication : no enable , no authorization, no accounting
---------------------------------
aaa authentication login default group tacacs+ local
aaa authentication enable default none
############################################
Authentication + enable (local)
------------------------------------
aaa authentication login default group tacacs+ local
enable secret password
############################################
Authentication + enable (tacacs)
-------------------------------------
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+
###################################################
Authentication+ authorization with Priv-lvl 0 1 and 15
--------------------------------------------------------
user = t2 {
   member = NETADMIN2
   enable = cleartext t2
   login = cleartext t2
}

group = NETADMIN2 {
   default service = permit
   service = exec {
     priv-lvl = 1
   }
}

aaa authentication login default group tacacs+ local
no aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
###############################################################
   Authorization with command list
 -----------------------------------------------------
user = t3 {
   member = NETADMIN3
   enable = cleartext t3
   login = cleartext t3
}
group = NETADMIN3 {
       service = exec {
         priv-lvl = 1
       }
       cmd = enable {
               permit .*
       }
       cmd = show {
               permit .*
       }
       cmd = exit {
               permit .*
       }
}

OR

       cmd = show {
               permit interface
               deny .*
       }
################################################################
Authentication+ authorization + accounting

My Config
--------------------------
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
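
Added example, not from the video or its author: a small Python check over tac_plus.conf text that flags the weak points a reviewer would look for in server configs like the ones above: a short shared key, cleartext credentials that equal the username, "default service = permit", and a user whose "member" names a group that is never defined. The names audit and SAMPLE_CONF, the 16-character key minimum and the sample itself (constructed, with a deliberately mismatched group name) are assumptions for illustration.

```python
import re

MIN_KEY_LEN = 16  # assumed local policy, not a tac_plus rule
SAMPLE_CONF = """key = cisco
user = t1 {
   member = NETADMIN
   login = cleartext t1
}
group = NETADMIN {
   default service = permit
}
user = t3 {
   member = NETADMIN3
   login = cleartext t3
}
group = NADMIN3 {
   service = exec {
     priv-lvl = 1
   }
}
"""  # constructed sample modelled on this page's tac_plus.conf snippets

def audit(conf):
    """Return sorted (subject, finding) pairs for tac_plus.conf text."""
    out = set()
    groups = set(re.findall(r"^\s*group\s*=\s*(\S+)", conf, re.M))
    kind, name, depth = None, None, 0  # depth = current brace nesting
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        head = re.match(r"(user|group)\s*=\s*(\S+)\s*\{", line)
        key = re.match(r"key\s*=\s*(\S+)", line)
        cred = re.match(r"(login|enable)\s*=\s*cleartext\s+(\S+)", line)
        member = re.match(r"member\s*=\s*(\S+)", line)
        if depth == 0 and head:
            kind, name = head.groups()
        elif depth == 0 and key and len(key.group(1).strip('"')) < MIN_KEY_LEN:
            out.add(("key", "shared secret below policy length"))
        elif kind == "user" and cred:
            out.add((name, cred.group(1) + " password stored as cleartext"))
            if cred.group(2).strip('"') == name:
                out.add((name, cred.group(1) + " password equals username"))
        elif kind == "user" and member and member.group(1) not in groups:
            out.add((name, "member of undefined group " + member.group(1)))
        elif kind == "group" and re.match(r"default\s+service\s*=\s*permit", line):
            out.add((name, "default service = permit"))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            kind = name = None
    return sorted(out)
```

Calling audit(SAMPLE_CONF) returns seven findings; run it against the real file with audit(open("/etc/tacacs+/tac_plus.conf").read()).
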
Published 6 years ago, on 1397/11/27.