728x90
반응형
Cisco 장비에서의 Config
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa session-id common
ip tacacs source-interface Vlan10
tacacs server 10.10.10.10
ACS 서버에서의 설정
- Device 등록
Network Resources > Network Device Groups > Network Devices and AAA Clients
- AD Group 등록
*. 그 외 사용자 별 권한 설정 등 기타 설정은 아래 Cisco 문서를 참고하시기 바랍니다.
https://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113590-acs5-tacacs-config.html
ACS 5.x: TACACS+ Authentication and Command Authorization based on AD group membership Configuration Example
This document provides an example of configuring TACACS Authentication and Command Authorization based on AD group membership of a user with Cisco Secure Access Control System (ACS) 5.x and later. ACS uses Microsoft Active Directory (AD) as an external ide
www.cisco.com
728x90
반응형
'IT 이야기 > 네트워크(Network)' 카테고리의 다른 글
| [Cisco] Error-Disabled (show interface status err-disabled) (0) | 2020.02.21 |
|---|---|
| [Cisco] Controller Base AP 에서 Telnet, SSH 허용 (0) | 2020.02.07 |
| Cisco 장비의 CPU 사용량 확인 방법 (show process cpu) (0) | 2020.01.30 |
| 고정IP 변경 배치 파일(Static IP Address Batch File) (4) | 2020.01.30 |
| Linux Shell Script 를 이용한 Cisco IOS Password 일괄 변경 (0) | 2019.06.07 |
| Cisco syslog Configuration (4) | 2016.12.14 |
| Cisco Router E1/T1 Configuration (0) | 2016.03.10 |
| huawei AP http login Configuration (0) | 2015.11.18 |
