TEST PLAN FOR TACACS+
- So we are implementing tacacs on all our firewalls in the next week or so I have some doubts so that I don’t lock myself out.
- I First thought most cases of users locking themselves out was due to the authorization part.
- So here was my testing plan
1.ADD THE SERVER GROUP to the firewall.
2.use the following command
“test aaa-server authentication” àto check if the username and password is working properly
3.next to test the authorization
“test aaa-server authorization “ to test the following commands are allowed for my account
1.enableà because I am going to use the aaa server group to authorize enable command too.
2.wr
3.reload
4.exit
5.end
Etc.
I am to enter the following commands:
aaa authentication enable console MY_TACACS LOCAL
aaa authentication http console MY_TACACS LOCAL
aaa authentication ssh console MY_TACACS LOCAL
aaa authorization command MY_TACACS LOCAL
Then after everything is fine I am going to save the configurat
Please let me know if you find any flaws in the test method or if you have any other suggestion