Re: TACACS+

From: David Ankers (d.ankers@xxxxxxxxxxxxxx)
Date: Fri Sep 15 2000 - 20:20:05 GMT-3


Sent that before I'd finished typing it, sorry. I'm giving up for the night,
I'm way too tired. I can of course also log in via the tty ports. I changed my
config to be as close to yours as possible and it works fine. As you can
see from the output below, I'm on the 12.0 IOS train.

Press RETURN to get started.

Username:dave
Password:

router_6>en
Password:
router_6#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router_6
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs+
aaa authorization exec default tacacs+
aaa authorization network default tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting network default start-stop tacacs+
enable secret 5 $1$O9rM$SemwWLHhLXZTzMND12lT1/
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
!
interface Ethernet0
 ip address 10.254.254.2 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
tacacs-server host 10.254.254.1
tacacs-server key cisco
!
line con 0
 exec-timeout 360 0
 logging synchronous
 transport preferred none
 transport input none
line aux 0
 transport input all
line vty 0 4
 password admin
!
end

router_6#
router_6#telnet 10.254.254.2
Trying 10.254.254.2 ... Open

Username:dave
Password:

router_6>en
Password:
router_6#

----- Original Message -----
From: "Sam Munzani" <smunzani@yahoo.com>
To: <rlagras1@tampabay.rr.com>; <ccielab@groupstudy.com>
Sent: Friday, September 15, 2000 11:40 PM
Subject: Re: TACACS+

> Ok. My config is attached. I have even captured my
> attempt to login to console success and telnet
> failure.
>
> Please let me know what I am doing wrong?
>
> Sam
> --- Robert LaGrasse <rlagras1@tampabay.rr.com> wrote:
> > Post your config Sam.
> >
> > All you really need to do is put the same login authentication
> > method list line in the vty 0 4 section of the config as you did
> > in the line con 0 section. Also be more specific as to what problem
> > you're having -- are you not authenticating, are you not
> > authorizing, etc. Beware the default authorization method list.
> >
> > -B (aka the IT whore)
> >
> > On Fri, 15 Sep 2000, you wrote:
> > > Hi Group,
> > >
> > > I would like to use CISCO Secure ACS server 2.4 for
> > > NT(TACACS+) to authenticate all my routers and
> > > switches for console, telnet and aux ports. I got it
> > > working for console port but getting some errors for
> > > telnet users.
> > >
> > > Is anybody there with a working sample config? I will
> > > appreciate a working config to guide me where I am
> > > doing wrong.
> > >
> > > Thanks in advance,
> > >
> > > Sam
> > >
> > > =====
> > > Regards,
> > >
> > > Sam Munzani
> > > sam@munzani.com
> > >
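
Added example (not part of any message in this thread): a small check for the method-list advice quoted above. With aaa new-model, a line that carries no "login authentication" command uses the default list, so the script resolves the list each line actually gets and reports mismatches. The names parse and audit are hypothetical, and the sample is constructed to resemble the posted config.

```python
import re

# Constructed sample shaped like the thread's config; password is a placeholder.
SAMPLE = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
line con 0
 exec-timeout 360 0
line aux 0
line vty 0 4
 password PLACEHOLDER
"""

def parse(config):
    """Return (method lists, per-line settings) from running-config text."""
    lists, lines, cur = {}, {}, None
    for raw in config.splitlines():
        m = re.match(r"aaa authentication login (\S+) (.+)", raw)
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif raw.startswith("line "):
            cur = raw[5:].strip()
            lines[cur] = {"list": "default", "password": False}
        elif not raw.startswith(" "):
            cur = None                      # left the line block
        elif cur and raw.strip().startswith("login authentication "):
            lines[cur]["list"] = raw.split()[2]
        elif cur and raw.strip().startswith("password "):
            lines[cur]["password"] = True
    return lists, lines

def audit(config):
    """Resolve each line's login method list and report mismatches."""
    lists, lines = parse(config)
    effective = {name: v["list"] for name, v in lines.items()}
    findings = []
    for name, v in lines.items():
        methods = lists.get(v["list"])
        if methods is None:
            findings.append(f"line {name}: list '{v['list']}' is not defined")
        elif v["password"] and "line" not in methods:
            findings.append(f"line {name}: line password is not consulted by '{v['list']}'")
    for lname, methods in lists.items():
        if lname not in effective.values():
            findings.append(f"list '{lname}' is defined but applied to no line")
        if methods in (["tacacs+"], ["radius"]):
            findings.append(f"list '{lname}': {methods[0]} only, no fallback method")
    return effective, findings
```

On the constructed sample, audit(SAMPLE) reports that every line resolves to the default list, that the vty line password is not consulted, that no_tacacs is applied nowhere, and that the default list has no fallback method.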



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:56 GMT-3