
Unified authentication, authorization and audit records for remote access to network switches

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Generally speaking, a small or medium-sized enterprise with 800 employees will have at least 4 or 50 network devices for its network administrators to manage, and one or two of the key devices may have remote management access open to the external network. For security reasons, passwords have to be changed when a network administrator changes jobs and at regular intervals; if every network device is accessed with a local user and password, the password must then be changed on each device. In a large enterprise with more network devices and several network managers at the same time, having everyone manage devices through the same local user causes a lot of unnecessary trouble and confusion. Unified authentication, authorization and audit records solve these problems: each network manager has their own account, and changing that one account's password is enough to keep remotely managing all devices. With that said, here are the switch configuration commands.

    hostname *
    clock timezone CN 8
    service password-encryption
    service timestamps log datetime localtime
    username username password *
    enable secret *
    ip domain-name neosw.int
    ip name-server 192.168.x.y
    ip name-server 192.168.x.xy
    aaa new-model
    !
    ! Authentication: TACACS+ first; the later methods are used only when the
    ! previous one returns an error (for example, no server responds)
    aaa authentication login default group tacacs+ local line
    aaa authentication enable default enable
    aaa authentication ppp default local
    ! Authorization: ask TACACS+; the trailing method applies when no server responds
    aaa authorization exec default group tacacs+ none
    aaa authorization commands 15 default group tacacs+ none
    aaa authorization network default group tacacs+ local
    ! Accounting (audit records): start and stop records are sent to TACACS+
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    ! TACACS+ servers and the shared key
    tacacs-server host 192.168.x.102
    tacacs-server host 192.168.x.103
    tacacs-server key *
    snmp-server community Cxxxx ro
    ntp server 192.168.x.254
    ntp server 192.168.x.240
    line vty 0 4
     privilege level 15
     login local

The above is the switch configuration. Our TACACS+ service runs on Cisco ACS 5.4, configured as two servers, primary and secondary, that synchronize with each other (there is plenty of related material online).
