Technology today relies heavily on networking equipment and proper configuration of that networking equipment. Administrators are tasked with ensuring that configuration changes are not only tested thoroughly before implementation but also that any configuration changes are done by individuals who are authorized to be making changes, as well as making sure that the changes are logged.
There are two very prominent systems that offer AAA functionality for administrators to secure access to devices and the networks those devices serve. TACACS is traditionally used for device administration. One of the large differences between these two protocols is the ability of TACACS to separate the AAA functions into independent functions. The benefit of this separation is that a user's ability to execute certain commands can be controlled. This is very advantageous to organizations that wish to provide networking staff or other IT administrators with differing command privileges at a very granular level. This can be confirmed with several utilities.
To accomplish this task, the default daemon options can be modified to specify an IP address. The default installation will only specify the configuration file. IP address can be used for TACACS to listen. TACACS service is listening on the correct IP address. IP address on a specific IP address as set in the TACACS defaults file above. At this point users and specific command sets need to be created.
Open this file with a text editor to make the appropriate modifications. There is a lot of flexibility in this step. A single key can be configured for all network devices or multiple keys can be configured per device. The option is up to the user but this guide will use a single key for simplicity’s sake.
Creating groups makes the delegation of permissions much easier. Below is an example of assigning full administrator rights. Now a user needs to be assigned to the admin group. It is generally a best practice to place encrypted passwords into this file rather than plain-text ones, as this adds a slight amount of security in the event that someone who shouldn't necessarily have access reads the file. A good preventative measure for this is to at least remove world read access on the configuration file as well.

He is an Instructor of Computer Technology with Ball State University where he currently teaches all of the department's Linux courses and co-teaches Cisco networking courses.
He is an avid Debian user as well as a user of many of the derivatives of Debian such as Mint, Ubuntu, and Kali. Rob holds a Masters in Information and Communication Sciences as well as several industry certifications from Cisco, EC-Council, and Linux Foundation.

It is a self-hosted front-end UI for tac_plus configuration. My installation was easy, try it. Plus it has some advantages like Backup Maker for auto backup, Subnet searcher for subnets collection etc.

This tool appears to be very useful.
I’ll have to experiment with it and amend this article! Thanks for the heads up on this tool.

I tested it with GNS3 environment with a Router c3640 Version 12.

Thank you for that piece of information.
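Returning to the article's advice on storing encrypted rather than plain-text passwords and removing world read access from the configuration file, the following is an added example, not code from the original article or from the tac_plus project. It assumes the tac_plus.conf keywords `login = cleartext` and `login = des`; the sample file, the user names and the function names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Constructed sample in tac_plus.conf syntax (not the article's own file).
SAMPLE_CONF = """\
key = "EXAMPLE-SHARED-KEY"
group = admins {
    default service = permit
}
user = alice {
    member = admins
    login = des CONSTRUCTEDHASH
}
user = bob {
    member = admins
    login = cleartext "changeme"
}
"""

USER_RE = re.compile(r"^\s*user\s*=\s*(\S+)\s*\{")
CLEAR_RE = re.compile(r"^\s*(login|pap)\s*=\s*cleartext\b")

def cleartext_users(conf_text):
    """Return (user, keyword) pairs whose secret is stored unencrypted."""
    findings, current = [], None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]          # ignore trailing comments
        m = USER_RE.match(line)
        if m:
            current = m.group(1)              # entering a user block
        c = CLEAR_RE.match(line)
        if c and current:
            findings.append((current, c.group(1)))
    return findings

def world_readable(path):
    """True if the 'other' read bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def demo():
    """Write the sample, check it with weak and tightened permissions."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write(SAMPLE_CONF)
    os.chmod(f.name, 0o644)                   # weak: anyone can read the key
    before = world_readable(f.name)
    os.chmod(f.name, 0o600)                   # assumes the daemon's user owns the file
    after = world_readable(f.name)
    os.unlink(f.name)
    return before, after, cleartext_users(SAMPLE_CONF)

if __name__ == "__main__":
    print(demo())
```

The same two checks can be pointed at the real configuration file by reading it and passing its text to `cleartext_users()`.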