Cisco TACACS+ Config


Config on the Cisco device

! AAA must be enabled before the aaa commands below are accepted
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa session-id common


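ip tacacs source-interface Vlan10
! The value after "tacacs server" is only the entry's name; the address and key are set under it.
! <shared-secret> is a placeholder for the shared secret configured for this device on ACS.
tacacs server 10.10.10.10
 address ipv4 10.10.10.10
 key <shared-secret>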
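
The method lists above can be checked mechanically before they are pushed to a device. The Python below is an added example, not part of the original post or any Cisco tool: it parses the `aaa` lines shown above and reports method lists that have no fallback after TACACS+ and custom privilege levels (set with `privilege ... level N`) that have no `aaa authorization commands N` list. The function names are assumptions made for this example.

```python
import re

# AAA lines copied from the configuration on this page.
PAGE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa session-id common
"""

# aaa <authentication|authorization> <type> [<level>] <list-name> <methods...>
AAA_RE = re.compile(r"^aaa (authentication|authorization) "
                    r"(login|enable|exec|commands)(?: (\d+))? (\S+) (.+)$")
# privilege <mode> level <n> <command>: moves a command to a custom level
PRIV_RE = re.compile(r"^privilege \S+ level (\d+) ")

def parse_method_lists(config):
    """Return {(service, type, level, list_name): [methods in order]}."""
    lists = {}
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            service, kind, level, name, rest = m.groups()
            # "group tacacs+" is a single method, so join the two tokens.
            methods = re.sub(r"\bgroup (\S+)", r"group:\1", rest).split()
            lists[(service, kind, int(level) if level else None, name)] = methods
    return lists

def audit(config):
    """Return findings: lists without a fallback, custom levels without a list."""
    lists, findings = parse_method_lists(config), []
    for (service, kind, level, name), methods in lists.items():
        label = " ".join(str(p) for p in (service, kind, level, name) if p is not None)
        if "group:tacacs+" in methods and len(methods) == 1:
            findings.append(f"{label}: no fallback if TACACS+ is unreachable")
    covered = {key[2] for key in lists if key[1] == "commands"}
    used = {int(m.group(1)) for line in config.splitlines()
            if (m := PRIV_RE.match(line.strip()))}
    for level in sorted(used - covered):
        findings.append(f"level {level}: no 'aaa authorization commands {level}' list")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG) or "no findings")
```
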

 

 

Configuration on the ACS server
- Register the device
Network Resources > Network Device Groups > Network Devices and AAA Clients

 

 


- Register the AD group

* For other settings, such as per-user privilege configuration, refer to the Cisco document below.
https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113590-acs5-tacacs-config.html

 

ACS 5.x: TACACS+ Authentication and Command Authorization based on AD group membership Configuration Example
