- Device administration: Authenticates administrators, authorizes commands, and provides an audit trail
- Remote Access: Works with VPN and other remote network access devices to enforce access policies
- Wireless: Authenticates and authorizes wireless users and hosts and enforces wireless-specific policies
- Network admission control: Communicates with posture and audit servers to enforce admission control policies
Now configure the ACS server.
Configure a client, which will be our router.
Give it the router's IP address and the shared secret cisco; the same shared secret cisco is configured on the router later.
Create a user name:
Give it a password and select the user group.
Now configure the user group:
Scroll down to the TACACS+ part and enable shell for exec mode and the privilege level.
That finishes the ACS server configuration. This is just a simple configuration for login; ACS has a lot more configuration options (^_*)
Next we configure our router to authenticate users using our ACS server.
1: Enable AAA with the command aaa new-model
2: Create a method list that tells the router to authenticate our users using the TACACS+ server and, if the TACACS+ server cannot be found, to use our local user database
aaa authentication login mylogin group tacacs+ local
3: Now give the router the TACACS+ server IP address and configure the shared key
tacacs-server host 10.0.0.50
tacacs-server key cisco
We are done with the method list, but the mylogin method is not enabled yet.
We put mylogin under the Telnet (vty) lines to authenticate users who use Telnet to configure our router.
line vty 0 4
login authentication mylogin
Congratulations, we have finished configuring the router to authenticate users who come in by Telnet against the ACS TACACS+ server.
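Before testing, the steps above can be checked mechanically. This is an added example, not part of the original post: a Python check that reads the router commands and reports the gap described above, a method list that is defined but never applied to the vty lines, along with a missing server/key or local fallback. The function name audit_aaa and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the router commands from this post, collected as one config.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login mylogin group tacacs+ local
tacacs-server host 10.0.0.50
tacacs-server key cisco
line vty 0 4
 login authentication mylogin
"""

def audit_aaa(config):
    """Return findings for the TACACS+ login setup in an IOS-style config (hypothetical helper)."""
    cmds = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in cmds:
        findings.append("aaa new-model is not enabled")
    # Named login method lists: name -> ordered methods, e.g. ['group', 'tacacs+', 'local']
    lists = {}
    for c in cmds:
        m = re.match(r"aaa authentication login (\S+) (.+)$", c)
        if m:
            lists[m.group(1)] = m.group(2).split()
    for name, methods in lists.items():
        if "tacacs+" in methods and "local" not in methods:
            findings.append(f"list {name}: no local fallback if the TACACS+ server is unreachable")
    if any("tacacs+" in m for m in lists.values()):
        for needed in ("tacacs-server host ", "tacacs-server key "):
            if not any(c.startswith(needed) for c in cmds):
                findings.append(f"missing '{needed.strip()}'")
    # Which method list does each vty range use? None means none was applied.
    vty, current = {}, None
    for c in cmds:
        if c.startswith("line "):
            current = c if c.startswith("line vty") else None
            if current:
                vty[current] = None
        elif current and c.startswith("login authentication "):
            vty[current] = c.split()[-1]
    for line, used in vty.items():
        if used is None:
            findings.append(f"{line}: no named method list applied")
        elif used not in lists and used != "default":
            findings.append(f"{line}: method list {used} is not defined")
    return findings

if __name__ == "__main__":
    print(audit_aaa(SAMPLE_CONFIG) or "no findings")
```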
Now it's time to test!
1- You can use telnet 10.0.0.1 to communicate with our server
I'm using Tera Term:
Enter the user name and password:
dadaaaaaaaaa
Is this the tool that creates the users and their permissions and puts them into groups?
Hi Kahli, yes, that's right.
You can access EXEC mode, and how about the privilege mode? After trying to input the command enable, it says %Error in authentication %