Re: Tacacs+ Configuration on CatOS

From: Scott Thornton (scthornton@gmail.com)
Date: Thu Dec 02 2004 - 14:07:35 GMT-3


Here is how we do it; this includes accounting...

#tacacs+
set tacacs server IPyousupply primary
set tacacs server IPyousupply
set tacacs server IPyousupply
set tacacs attempts 3
set tacacs directedrequest disable
set tacacs key yousupplythekey
set tacacs timeout 5

#authentication
set authentication login tacacs disable console
set authentication login tacacs enable telnet primary
set authentication login tacacs disable http
set authentication enable tacacs disable console
set authentication enable tacacs disable telnet
set authentication enable tacacs disable http
set authentication login radius disable console
set authentication login radius disable telnet
set authentication login radius disable http
set authentication enable radius disable console
set authentication enable radius disable telnet
set authentication enable radius disable http
set authentication login local enable console
set authentication login local enable telnet
set authentication login local enable http
set authentication enable local enable console
set authentication enable local enable telnet
set authentication enable local enable http
set authentication login kerberos disable console
set authentication login kerberos disable telnet
set authentication login kerberos disable http
set authentication enable kerberos disable console
set authentication enable kerberos disable telnet
set authentication enable kerberos disable http
set authentication login attempt 3 console
set authentication login attempt 3 telnet
set authentication login lockout 0 console
set authentication login lockout 0 telnet
set authentication enable attempt 3 console
set authentication enable attempt 3 telnet
set authentication enable lockout 0 console
set authentication enable lockout 0 telnet
!

#accounting
set accounting exec enable stop-only tacacs+
set accounting connect enable stop-only tacacs+
set accounting system enable stop-only tacacs+
set accounting commands enable all stop-only tacacs+
set accounting suppress null-username disable
set accounting update new-info

On Thu, 2 Dec 2004 07:39:59 -0500, Phil <theccie@gmail.com> wrote:
> This is how we enable tacacs on our CatOS switches (no accounting):
>
> #tacacs+
> set tacacs server 10.1.1.11 primary
> set tacacs server 10.2.1.11
> set tacacs key mytacacskey
> !
> #authentication
> set authentication login tacacs enable console primary
> set authentication login tacacs enable telnet primary
> set authentication login tacacs enable http primary
> set authentication enable tacacs enable console primary
> set authentication enable tacacs enable telnet primary
> set authentication enable tacacs enable http primary
>
> I don't know if the behavior will be the same if you apply the
> authentication commands as you did.
>
> Phil
>
>
>
> On Thu, 2 Dec 2004 02:08:27 -0500, sheyee@gmail.com <sheyee@gmail.com> wrote:
> > Hello:
> >
> > I am trying to set up Tacacs+ on a 6500 CatOS. Can someone review the following commands to see if I am doing it correctly?
> >
> > switch#set authentication login local enable
> > switch#set authentication login tacacs enable
> > switch#set authentication enable local enable
> > switch#set authentication enable tacacs enable
> > switch#set accounting exec enable start-stop tacacs+
> > switch#set accounting connect enable start-stop tacacs+
> > switch#set accounting system enable start-stop tacacs+
> > switch#set accounting commands enable all start-stop tacacs+
> > switch#set accounting update periodic 1
> > switch#set tacacs server 10.10.10.125
> > switch#set tacacs key helpme
> >
> > Regards,
> >
> > Sheyee
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>

-- 
Scott C Thornton


This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:23 GMT-3
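
An added example, not part of the original thread: a small Python check that reads `set authentication` lines like those posted above and reports which methods remain enabled for each mode (login, enable) and channel (console, telnet, http). The sample input is constructed from the reply's tacacs and local lines, the function names are made up for this example, and treating a line with no channel keyword as applying to all three channels is an assumption.

```python
import re

MODES = ("login", "enable")
CHANNELS = ("console", "telnet", "http")
# Matches method lines only; "attempt" and "lockout" lines are skipped.
LINE = re.compile(r"set authentication (login|enable) (tacacs|radius|kerberos|local) "
                  r"(enable|disable)(?: (all|console|telnet|http))?( primary)?\s*$")

# Constructed sample: the tacacs and local lines from the reply above.
SAMPLE = """\
set authentication login tacacs disable console
set authentication login tacacs enable telnet primary
set authentication login tacacs disable http
set authentication enable tacacs disable console
set authentication enable tacacs disable telnet
set authentication enable tacacs disable http
set authentication login local enable console
set authentication login local enable telnet
set authentication login local enable http
set authentication enable local enable console
set authentication enable local enable telnet
set authentication enable local enable http
"""

def auth_matrix(config):
    """Map (mode, channel) -> set of methods left enabled after all lines apply."""
    matrix = {(m, c): set() for m in MODES for c in CHANNELS}
    for line in config.splitlines():
        hit = LINE.search(line)  # search() tolerates "switch#" or "> " prefixes
        if not hit:
            continue
        mode, method, action, channel, _primary = hit.groups()
        # Assumption: a line with no channel keyword applies to all channels.
        targets = CHANNELS if channel in (None, "all") else (channel,)
        for ch in targets:
            if action == "enable":
                matrix[(mode, ch)].add(method)
            else:
                matrix[(mode, ch)].discard(method)
    return matrix

def without_tacacs(config):
    """List (mode, channel) pairs where TACACS+ is not an enabled method."""
    matrix = auth_matrix(config)
    return [key for key in matrix if "tacacs" not in matrix[key]]

if __name__ == "__main__":
    for (mode, ch), methods in auth_matrix(SAMPLE).items():
        print(f"{mode:6} {ch:8} {', '.join(sorted(methods)) or 'none'}")
    print("no TACACS+:", without_tacacs(SAMPLE))
```

Feeding it the output of the switch's running configuration shows at a glance which channels still authenticate against the local password only.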