
How to enable tacacs+ authentication for CLI and Webti for OLT ME4600

Hi everyone,

I'm actually working with one Optical Line Terminal ME 4620 and I'd like to enable the tacacs+ authentication for telnet access in the CLI and http for the Webti. My problem is that the equipment still uses the local database with the local accounts such as: adminstandard and guest, even when I configure and apply the tacacs+ authentication for the CLI and Webti, and when I try to disable it for the two, nothing happens and it still authenticates in the same manner.
 
I suspect that the problem is in the definition of the "aaa" method, but I don't know how to configure this section, and all the documentation on this website doesn't give the exact procedure to follow with syntax and what I need to enter when I type:
 
application/aaa/configure --tac-services="exec?????????" --tac-protocol="?????"
 
 
By default I just have the command "exec" in "--tac-services" and nothing in "--tac-protocol".
 
Please find here all the steps that I followed and tell me if I'm incorrect (screenshots for each step are in my request):
 
Note that:
- My tacacs+ server is reachable with "ping" from the OLT and vice versa. Plus, there is no firewall between my Cisco OLT_ME4600 and the tacacs+_server.
 
- I tried to combine some commands in the section "aaa" that I suspect, but I never lose access and still authenticate with the local database even though I type "ip/apply" and "ip/save" after each try. Example: exec {prvl-lvl=15}
 
1) First, I configure in the section "tacas+/config" of the ME4600 the key of the tacacs+_server with the correct key (encrypted like in my tacacs+_server).
 
2) After that, I configure in the section "tacacs+/server/config", the IP address of the tacacs+_server, the TCP port which is 49 (same used in my tacacs+_server), the timeout 5 sec and the name of the tacacs+_server and enable the admin state of this tacacs+_server that I configure.
 
3) Then, in the section "tacas+/server-group/config", I left the default server-group, which is "login", and ensured that it was in admin state "enable".
 
4) Try to enable the aaa method in the section "applications/aaa/config", but I don't know how?
 
5) Finally, I went into the two sections "applications/cli/aaa/config" & "application/webti/aaa/config" and I enabled the tacacs+ authentication for access in CLI and GUI.
 
6) Execute : "ip/apply" and "ip/save" in order to apply and save configuration.
 

 

Can someone tell me how to solve this problem?
 
Thanks very much for your help.
1 Reply

Hi,

 

Can someone help me or guide me to a potential solution, please?

 

Best regards