How can we configure TACACS+ server on router?

Tags:
Network security
Router configuration
Server configuration
How do we configure a TACACS+ server on a router?

Software/Hardware used:
both

Answer Wiki


In order to configure a router to communicate with a Cisco or other vendor's TACACS server, you first need to set up and configure the server. Once that is done you can continue with the router configuration.

Before you enable any AAA configuration on the router, you should specify a TACACS server, key and source interface to use. See below for an example:

tacacs-server host 1.1.1.1 key mykey

or if that exact syntax does not exist:

tacacs-server host 1.1.1.1
tacacs-server key mykey

then

ip tacacs source-interface loopback0

– where 1.1.1.1 is the IP address of your server.
– where mykey is the password you set up for this client on your server.
– where loopback0 is the interface address to use as the source for AAA packets.

Then you can proceed with the AAA configuration. This will vary depending on what you want to do. Just remember that AAA stands for:

Authentication – Who can log onto this router?
Authorisation – What can they do once they are authenticated?
Accounting – What did they do?

I would suggest having a read of this document on IOS Security:
IOS Security: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html#wp1000950

...and then perhaps ask a more pointed question stating exactly what you wish to achieve. I only say this because AAA configuration is very powerful and does much more than most think, but if all you are after is a basic configuration that forces users to be authenticated against a TACACS server, then this would do that:

tacacs-server host 1.1.1.1
tacacs-server key mykey
ip tacacs source-interface loopback0
!
aaa new-model
aaa authentication login default group tacacs+
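
As an added example (not part of the answer above), this Python sketch audits an IOS-style configuration for the settings the answer lists and flags a login method list that ends at `group tacacs+`, which leaves no way to log in when the server is unreachable. The function names are hypothetical, the sample is constructed from the answer's basic configuration, and the `local` method mentioned in the note below assumes a local user already exists on the router.

```python
import re

# Constructed sample: the basic configuration from the answer above.
SAMPLE_CONFIG = """\
tacacs-server host 1.1.1.1
tacacs-server key mykey
ip tacacs source-interface loopback0
!
aaa new-model
aaa authentication login default group tacacs+
"""

def login_methods(line):
    """Split an 'aaa authentication login' line into (list_name, methods)."""
    m = re.match(r"aaa authentication login (\S+) (.+)", line)
    if not m:
        return None
    tokens, methods = m.group(2).split(), []
    while tokens:
        tok = tokens.pop(0)
        # 'group <name>' is a single method, e.g. 'group tacacs+'
        methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
    return m.group(1), methods

def audit_tacacs(config):
    """Return findings for the TACACS+ and AAA login lines of an IOS-style config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip() not in ("", "!")]
    findings = []
    hosts = [ln for ln in lines if ln.startswith("tacacs-server host ")]
    if not hosts:
        findings.append("no tacacs-server host defined")
    # The key may be global or given on the host line with the 'key' keyword.
    global_key = any(ln.startswith("tacacs-server key ") for ln in lines)
    findings += [f"no shared key for '{h}'" for h in hosts
                 if not global_key and " key " not in h]
    if not any(ln.startswith("ip tacacs source-interface ") for ln in lines):
        findings.append("no ip tacacs source-interface set")
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    for name, methods in filter(None, map(login_methods, lines)):
        if methods[-1] == "group tacacs+":
            findings.append(f"login list '{name}': no fallback if the TACACS+ server is unreachable")
        elif "group tacacs+" in methods and methods[-1] == "none":
            findings.append(f"login list '{name}': falls back to no authentication")
    return findings

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE_CONFIG):
        print(finding)
```

Appending `local` to the method list clears the finding; later methods in a list are tried only when the TACACS+ server does not respond, not when it rejects the login.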

Discuss This Question: 1  Reply

 
  • Cisco4me
    Can a Cisco router itself be used as a TACACS server so that other devices can authenticate against that router? Thanks in advance... Cisco4me