CISCO AAA TACACS

TACACS+ is a security application that provides centralized validation of users attempting to gain access to a router or network access server. The TACACS+ user database is maintained by a TACACS+ daemon running, typically, on a Unix or Windows NT workstation (on this page that daemon is tac_plus on Linux). The router and the daemon talk over TCP port 49, and the shared key configured on both sides is used to obfuscate the body of every TACACS+ packet, so that key is what protects the exchanged credentials on the wire. TACACS+ provides the following AAA services:

Authentication: full control of authentication through login and password dialog, challenge and response, and messaging support.
Authorization: fine-grained control over user capabilities for the duration of the user's session, including but not limited to setting autocommands, access control, session duration, or protocol support.
Accounting: collects and sends to the TACACS+ daemon the information used for billing, auditing, and reporting. Network managers can use the accounting facility to track user activity for a security audit or to provide information for user billing.

Before we apply AAA with TACACS+ to the topology in the picture above (R1 at 12.1.1.1 and R2 at 12.1.1.2 on one link; R2 at 172.16.1.1 and the Linux TACACS+ server at 172.16.1.2 on the other), download and build the tac_plus daemon on the Linux host with the commands below. The tarball is fetched over plain FTP, which gives no integrity guarantee, so compare it against a checksum obtained through a trusted channel before building it.

Linux

  • Build tac_plus from source. Install the build dependencies first so that configure succeeds on the first run: bison and flex for the configuration-file parser, and libwrap0-dev (tcp_wrappers) so the daemon can restrict connecting clients through /etc/hosts.allow:

    apt install bison flex libwrap0-dev

    wget ftp://ftp.shrubbery.net/pub/tac_plus/tacacs-F4.0.4.28.tar.gz

    tar zxvf tacacs-F4.0.4.28.tar.gz

    cd tacacs-F4.0.4.28

    ./configure

    make

    make install

  • make install places libtacacs under /usr/local/lib. Make sure that directory is listed in /etc/ld.so.conf (or in a file it includes under /etc/ld.so.conf.d) and refresh the loader cache; otherwise tac_plus fails to start because the libtacacs shared library cannot be found:

    gedit /etc/ld.so.conf &

    ldconfig

  • Exercise 2

    Now we will apply AAA with TACACS+ on R1 and on the Linux server. The order matters: configure the interfaces, a local fallback account and the enable secret first, then enable AAA, then the method lists. Follow the commands below.

    R1

    • Interfaces and a route to the server network. R1 is only attached to 12.1.1.0/24, so without the static route it can never reach the TACACS+ daemon at 172.16.1.2:

      hostname R1
      interface e0/0
      ip address 12.1.1.1 255.255.255.0
      no shutdown
      exit
      ip route 172.16.1.0 255.255.255.0 12.1.1.2

    • Local fallback account and enable secret. Once aaa new-model is entered, the vty lines authenticate against the local user database until a method list is applied, and the "local" and "enable" fallback methods used below only help if a local user and an enable secret actually exist. The account name and both passwords are placeholders; choose your own:

      username admin privilege 15 secret <local-password>
      enable secret <enable-password>

    • Start AAA New-Model and define the TACACS+ server. The shared key is the only secret protecting the TACACS+ packet body on the wire; "ccie" is fine for the lab, but use a long random string anywhere else, and it must match the key in tac_plus.conf exactly:

      aaa new-model
      tacacs server TACACS-SERVER
      address ipv4 172.16.1.2
      key ccie
      exit

    • Settings Authentication. In "group tacacs+ local" the local method is tried only when the TACACS+ server cannot be reached (an ERROR), never when it rejects the credentials (a FAIL), so a login refused by TACACS+ cannot be retried against the local database:

      aaa authentication login List_Login group tacacs+ local
      aaa authentication enable default group tacacs+ enable
      line console 0
      login authentication List_Login
      line vty 0 4
      login authentication List_Login
      exit

    • Start authorization. IOS does not apply EXEC authorization to the console unless "aaa authorization console" is configured, which is why that command is needed for List_Priv to take effect on console 0:

      aaa authorization exec List_Priv group tacacs+ local
      aaa authorization console
      line console 0
      authorization exec List_Priv
      line vty 0 4
      authorization exec List_Priv
      exit

    • Settings Accounting. The four lists must be defined globally before they are applied under the lines; a list referenced under a line without a global "aaa accounting" definition records nothing. Start-stop records sent to the TACACS+ group are used here. Only level 5, 10 and 15 commands are recorded by these lists; level-1 commands such as show, ping or telnet are not, so add "aaa accounting commands 1 ..." if you want them:

      aaa accounting exec List_Acc start-stop group tacacs+
      aaa accounting commands 5 List_Comm_5 start-stop group tacacs+
      aaa accounting commands 10 List_Comm_10 start-stop group tacacs+
      aaa accounting commands 15 List_Comm_15 start-stop group tacacs+
      line console 0
      accounting exec List_Acc
      accounting commands 5 List_Comm_5
      accounting commands 10 List_Comm_10
      accounting commands 15 List_Comm_15
      line vty 0 4
      accounting exec List_Acc
      accounting commands 5 List_Comm_5
      accounting commands 10 List_Comm_10
      accounting commands 15 List_Comm_15
      ! Connectivity test towards R2 from configuration mode. R2 as configured below has no
      ! vty login, so it refuses the Telnet session; "do ping 12.1.1.2" is the simpler check.
      do telnet 12.1.1.2

    R2

    • R2 only forwards between its two connected networks; IP routing is on by default on a router, so nothing more is needed:

      hostname R2
      interface e0/0
      ip address 12.1.1.2 255.255.255.0
      no shutdown
      interface e0/1
      ip address 172.16.1.1 255.255.255.0
      no shutdown
      exit

    Linux

    • Address and return route. The TACACS+ connection from R1 is sourced from 12.1.1.1, so the server needs a route back through R2 or the TCP handshake on port 49 never completes:

      ip addr add 172.16.1.2/24 brd + dev eth0
      ip route add 12.1.1.0/24 via 172.16.1.1
      ping 172.16.1.1
      ping 12.1.1.1

    • Add User. tac_plus keeps its own user definitions in tac_plus.conf; this Linux account is only consulted if a tac_plus.conf entry points the user's login at the system password file:

      useradd abcd
      passwd abcd

    • Install and Execute tac_plus. tac_pwd prompts for a password and prints a hash to paste into the user's "login = des" line in tac_plus.conf. Check the file with -P before starting the daemon with -G, which keeps it in the foreground so any error is visible on the terminal:

      ./tac_pwd
      gedit tac_plus.conf &
      ./tac_plus -P -C ./tac_plus.conf
      ./tac_plus -C ./tac_plus.conf -G
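A tac_plus.conf that matches the R1 configuration above, added here as a worked example (constructed for this page, not taken from the original tutorial or from the tac_plus distribution). The key matches "key ccie" on R1, user abcd is returned priv-lvl 15 for the List_Priv exec authorization, the $enab15$ pseudo-user answers the enable authentication that R1 sends to "group tacacs+", and accounting records land in a log file. The group name netadmin, the accounting path and the two hash placeholders are assumptions; paste the hash that ./tac_pwd prints in place of each placeholder.

```conf
# tac_plus.conf for the lab above. Constructed example for this page, not
# from the original tutorial or the tac_plus distribution.
# Assumed: the group name, the accounting log path, and the two hash
# placeholders (paste the value ./tac_pwd prints; tac_pwd -m gives MD5).

# Shared secret, identical to "key ccie" on R1. It is the only thing
# obfuscating the TACACS+ packet body, so use a long random value outside a lab.
key = "ccie"

# Every start/stop record R1 sends for List_Acc and List_Comm_5/10/15 is
# appended here, one record per line. The directory must be writable by
# the account tac_plus runs as.
accounting file = /var/log/tac_plus.acct

# Group carrying the attributes returned for "aaa authorization exec List_Priv":
# members land directly in privilege level 15.
group = netadmin {
    service = exec {
        priv-lvl = 15
    }
}

# Login user for "aaa authentication login List_Login group tacacs+ local".
user = abcd {
    member = netadmin
    login = des <hash-from-tac_pwd>
}

# Pseudo-user IOS presents when "aaa authentication enable default group tacacs+"
# asks the server for the level-15 enable password.
user = $enab15$ {
    login = des <hash-from-tac_pwd>
}
```

Parse the file with ./tac_plus -P -C ./tac_plus.conf before starting the daemon. tac_plus itself does not limit which hosts may open a TACACS+ session; it was built with libwrap above, so use tcp_wrappers (/etc/hosts.allow and /etc/hosts.deny) to admit only R1, because anyone who can reach TCP port 49 and knows the key can read and forge every exchange.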