Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
6
Replies

Creating a TACACVS Server for AAA authntication

gmaccisco1
Level 1
Level 1

‎09-07-2005 01:19 PM - edited ‎03-10-2019 02:18 PM

Hello,

I am trying to create a TACACS Server at our organization for enabling AAA authentication. As is i don't have AAA enabled on my Cisco Devices, routers, FW, Switches, etc. but we need one and I was wondering how should I go about and create the server itself to be a TACACS Authentication Server as well as a log server for all thlog files from our devices.

One of the main reasons beside the security for taking this path is to know who has logged onto what device at what time and what commands were executed as any given session.

I guess my question is this:

I need to create it on a Windows BOX, so should it be Windows 2000 or 2003?

what type of systems requirement is there for a such server?

do I need any special Applicatrion loaded onto this server to make it a TACACS servetr?

I would appreciate you help and am looking forward to your recommendations.

REgards,

Masood

Labels:
0 Helpful
6 Replies 6

umedryk
Level 5
Level 5

‎09-13-2005 10:36 AM

As far as I know, creating the server itself to be a TACACS Authentication Server as well as a log server for all the log files is not a good design

0 Helpful

gmaccisco1
Level 1
Level 1
In response to umedryk

‎09-20-2005 11:25 AM

Thanks for responding and sorry for late reply.

Yes I accept that it is not a good idea, I was thinking on that direction. I guess what I really need to know is hoe to create the TACACS Server itself? is there a particular application that I need to put on a , Say, Windows 2000 server to make it a TACACS Server?

as far as the commands in the router and switches, FW and other Cisco devices, I can do that but he sewrver I have nevr built one.

I appreciate any help I can get on this issue.

Regards,

Masood

0 Helpful

andrewclymer
Level 1
Level 1
In response to gmaccisco1

‎09-20-2005 01:05 PM

CiscoSecure for Windows supports TACACS+, and allows the acct logs to be sent to a centralised logging server. Allowing you to have many authentication servers and centralize logs via a smaller set of log servers.

As for processing the logs, http://www.extraxi.com has a reporting package designed to process and report on AAA logs.

0 Helpful

gmaccisco1
Level 1
Level 1
In response to andrewclymer

‎09-21-2005 07:01 AM

Thanks. How can I get the CiscoSecure package?

please advice,

Regards,

Masood

0 Helpful

andrewclymer
Level 1
Level 1
In response to gmaccisco1

‎09-21-2005 02:03 PM

CiscoSecure can be purchased from a Cisco Reseller

a quick Google for "Buy Cisco Secure" produces a fair few..

0 Helpful

gmaccisco1
Level 1
Level 1
In response to andrewclymer

‎09-21-2005 03:22 PM

Thanks.

I downloaded the CiscoSecure ACS from the Cisco Site and the report aaa from the site you refered me to.

here is the file I downloaded from Cisco:

CSCef62913-fix-ACSWIN-v3.3.1.16.zip

and the report aaa file trail version (fully functional for 60 days):

AAAR1.08.EXE

is this the one you recommended?

Thx,

Masood

0 Helpful
Customers Also Viewed These Support Documents