Install and configure tacacs+ on Debian 8 – part 2


Let’s connect our Cisco switch with our Debian 8 tacacs+ server

The first step is to connect to the ASA device and gain privileged EXEC access.

Global configuration mode is needed and can be entered using “configure terminal”.
The rest of the commands to set up TACACS+ are issued from global configuration mode.

Create a backup account to gain access to the device in the event that the TACACS+ system is unavailable.

The next step is to specify all of the server information and key.

Set up the AAA information that the TACACS+ server will handle.
Below is a list of the commands:

Explanation about the commands used above:

  • The first stanza creates an AAA model.
  • The second line tells the switch/router to check all login attempts against the TACACS+ server first and, if the server isn’t available, to check the locally configured user database.
  • The authorization lines tell the network device to contact the TACACS+ server to determine if the user is allowed to run particular commands at that particular privilege level.
  • The accounting lines tell the network device to log activity to the TACACS+ server.
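
As an added example (not part of the original post and not the author's commands), the script below checks a saved running-config for each element explained above, plus the local backup account, and flags the lockout case where TACACS+ is unreachable and no local fallback exists. It assumes IOS-style syntax; the sample config, user name, server address, key and check names are constructed placeholders.

```python
import re

# Constructed sample running-config excerpt (not taken from the post);
# the user name, server address and key are placeholders.
SAMPLE_CONFIG = """\
username backup privilege 15 secret 5 <hash-placeholder>
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key <shared-key-placeholder>
"""

# One regex per item in the explanation above (hypothetical check names).
CHECKS = {
    "aaa_model": r"^aaa new-model$",
    "local_backup_user": r"^username \S+ .*\b(secret|password)\b",
    "login_tacacs_then_local": r"^aaa authentication login \S+ group tacacs\+ .*\blocal\b",
    "command_authorization": r"^aaa authorization commands \d+ \S+ group tacacs\+",
    "accounting": r"^aaa accounting (exec|commands \d+) \S+ \S+ group tacacs\+",
    "server_defined": r"^(tacacs-server host|tacacs server) \S+",
}


def audit(config: str) -> dict:
    """Return {check_name: bool} for a running-config given as text."""
    lines = [ln.strip() for ln in config.splitlines()]
    found = {name: any(re.search(rx, ln) for ln in lines)
             for name, rx in CHECKS.items()}
    # If the TACACS+ server is unreachable, login only works when the method
    # list falls back to "local" AND a local account actually exists.
    found["lockout_risk"] = not (found["login_tacacs_then_local"]
                                 and found["local_backup_user"])
    return found


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_CONFIG).items():
        print(f"{name:28} {ok}")
```

Run it against a copy of the device configuration before logging out of the session used to apply the AAA changes.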

Now you should be able to configure your network device for SSH access, using the following commands:

NOTE:

Depending on your Cisco device (it could be one of those without SSH support), you may use different instructions for connecting that device to a TACACS+ server.

To test it, log out of the switch completely and then attempt to SSH into the switch using the username configured earlier on the TACACS+ server.
On Linux systems, this can be done via the command:

If access is granted to the switch/router, congratulations!
Your TACACS+ server is working just fine.

Final notes:

  • You should read the full documentation on tac_plus and fine-tune the setup, the password, the encryption method, etc.
  • Keep in mind this is a simple setup. You can do much more if the system is correctly understood.

 

Marin Nedea
I'm passionate about open source software and technologies. In my spare time I build simple and functional websites from scratch, using PHP+HTML5+CSS3+MySQL and when I'm bored, I write simple PHP_CLI or bash scripts to play around on my Linux machine.
