
TACACS ACS server setup and configuration

2025-01-21 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--


1. Set up server

1. Install on a virtual machine from the ACS 5.2 ISO image (simple, details omitted).

2. Crack license:

Install reload restart, enter single user mode

The requested URL/media/cdrom/dev/was not found on this server.

Copy license authentication crack file

cp /media/cdrom/flexlm-10.9.jar to/opt/CSCoacs/mgmt/apache-tomcat-6.0.18/lib/flexlm-10.9.jar

reboot complete

Note: license needs to be downloaded from the Internet to the local, web page loading needs to be

Default Account: acsadmin, Default Password: default. The first time you enter, you will be asked to reset your password. Follow the prompts.

Log in with the new password, select the downloaded license, and import it. Acsbase.lic is the base license, so import it first and install it.

Click the feature option in the figure below, select Add/upgrade, import acsctfeat.lic, and submit. OK, done.

2. Server configuration

1. Configure physical location groups and device type groups

Configure details for each network device (client)

Then set up user accounts that need to log in to network devices

Set Account Properties Template

Set Command Set Templates

Then on to the favorite part: policy configuration

First, configure the policy template. TACACS and Device Admin are selected, of course.

The following is the configuration of the authorization policy

The server side settings are complete!!

Note: Under the user-group matching rule, the device location must match exactly for the authorization policy to apply. What a fool!

Next, start the configuration on the network devices

First, the device needs network connectivity to the server (obviously); make sure the console password is correct (the last resort), the VTY lines use AAA authentication, and SSH is enabled.

Log in to the device

First configure the tacacs template

hwtacacs-server template XXX (template name, used below)

hwtacacs-server authentication XXX.XXX. (authentication server IP; TACACS defaults to port 49)

hwtacacs-server authorization XXX.XXX. (authorization server IP; TACACS defaults to port 49)

hwtacacs-server shared-key cipher XXXX

hwtacacs-server timer response-timeout 2 (response timeout, optional)

ssh authentication-type default password

This must be there, so you don't have to type it again for every user.

Configure AAA authentication

aaa

authentication-scheme default

authentication-mode hwtacacs local

q

authorization-scheme default

authorization-mode hwtacacs local

authorization-cmd 15 hwtacacs local

Configure the domain

domain default

authentication-scheme default

authorization-scheme default

hwtacacs-server XXX (using the tacacs template above)

Finally, the domain is enabled.

domain default admin

Success!!!

Appendix: configuration text to paste onto the switch

sys

user-int con 0

authentication-mode password

set authentication password cipher XXXXXXX

q

ssh authentication-type default password

hwtacacs-server template acs

hwtacacs-server authentication XXX.XXX.XXX.XXX

hwtacacs-server authorization XXX.XXX.XXX.XXX

hwtacacs-server shared-key cipher XXXXXXX

hwtacacs-server timer response-timeout 2

q

aaa

authentication-scheme default

authentication-mode hwtacacs local

q

authorization-scheme default

authorization-mode hwtacacs local

authorization-cmd 15 hwtacacs local

q

domain default

authentication-scheme default

authorization-scheme default

hwtacacs-server acs

q

q

domain default admin

q
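The appendix configuration only works if its cross-references line up: the domain must name a defined hwtacacs template and defined authentication and authorization schemes, and each scheme should try hwtacacs first with local as the fallback. The Python check below is an added example, not part of the original article; it verifies those points in a pasted config and handles only the commands that appear on this page. The sample config and its 192.0.2.10 address are constructed.

```python
# Added example (not the article's code): lint a Huawei-style hwtacacs/AAA config.
def audit(config):
    stack, tmpl, mode, dom, issues = [], {}, {}, {}, []
    for raw in config.splitlines():
        w = raw.split()
        kind, name = stack[-1] if stack else ("top", "")
        if not w:
            continue
        if w[0] in ("q", "quit"):            # leave the current view
            stack[-1:] = []
        elif w[0] in ("sys", "aaa", "user-int"):
            stack.append((w[0], ""))
        elif w[:2] == ["hwtacacs-server", "template"] and len(w) > 2:
            stack.append(("tmpl", w[2]))
            tmpl[w[2]] = {}
        elif kind == "tmpl" and w[0] == "hwtacacs-server" and len(w) > 1:
            tmpl[name][w[1]] = w[2:]
        elif kind == "aaa" and w[0].endswith("-scheme") and len(w) > 1:
            stack.append(("scheme", f"{w[0]} {w[1]}"))
        elif kind == "scheme" and w[0].endswith("-mode"):
            mode[name] = w[1:]
        elif kind == "aaa" and w[0] == "domain" and len(w) > 1:
            stack.append(("domain", w[1]))
            dom[w[1]] = {}
        elif kind == "domain" and len(w) > 1:  # bindings inside the domain view
            dom[name][w[0]] = w[1]
    for t, kv in tmpl.items():
        for key in ("authentication", "authorization", "shared-key"):
            if key not in kv:
                issues.append(f"template {t}: no {key} configured")
        if kv.get("shared-key", ["cipher"])[:1] != ["cipher"]:
            issues.append(f"template {t}: shared-key lacks the cipher keyword")
    for s, m in mode.items():
        if m[:1] != ["hwtacacs"]:
            issues.append(f"{s}: hwtacacs is not the first method")
        if "local" not in m:
            issues.append(f"{s}: no local fallback if the server is unreachable")
    for d, kv in dom.items():
        if kv.get("hwtacacs-server") not in tmpl:
            issues.append(f"domain {d}: hwtacacs-server template missing or undefined")
        for key in ("authentication-scheme", "authorization-scheme"):
            if f"{key} {kv.get(key)}" not in mode:
                issues.append(f"domain {d}: {key} missing or undefined")
    return issues

# Constructed sample with four mistakes (template name typo "asc", among others).
SAMPLE = ("sys; hwtacacs-server template acs; hwtacacs-server authentication 192.0.2.10; "
          "hwtacacs-server shared-key cipher XXXX; q; aaa; authentication-scheme default; "
          "authentication-mode hwtacacs; q; domain default; authentication-scheme default; "
          "hwtacacs-server asc; q; q").replace("; ", "\n")
```

Running `audit(SAMPLE)` reports the missing authorization server, the missing local fallback, the undefined template name, and the unbound authorization scheme; the appendix configuration above passes with no findings.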
