Sample Server Configuration Files
Problem
You want to configure a TACACS+ server to accept AAA requests from your network devices.
Solution
Here is an example of a TACACS+ server configuration file that accepts AAA requests from network devices to authenticate users. Use Example 4-1 as a template to help you build your own configuration files.
Example 4-1. tac.conf – sample TACACS server configuration file
key = "COOKBOOK"
accounting file = /var/log/tacacs
user = ijbrown {
    default service = permit
    member = staff
    login = cleartext cisco
}
user = kdooley {
    default service = permit
    member = staff
    login = des l5c2fHiF21uZ6
}
user = $enab15$ {
    login = cleartext happy
}
group = staff {
    # Default Group
}
Discussion
In this recipe, we will look at how to configure Cisco’s free TACACS+ server software because we want to show how the TACACS+ server works. Most of the configuration is done at the central server, so understanding a basic configuration helps with understanding AAA services in general. You can obtain a copy of this software via FTP from ftp-eng.cisco.com in the directory /pub/tacacs. Please note that other TACACS+ servers use different configuration syntax; however, the basic concepts are the same.
The first thing you need to configure is the TACACS+ encryption key. This key must be identical to the one configured on your router with the tacacs-server key command. If the keys are not identical, none of the TACACS+ services will work. In the following example, we use ...