Nexus 7k configuration with Tacacs

Angus Bishop
Level 1

Hi Experts,

I have a Nexus 7k switch which needs to be configured for TACACS.

Currently I have Cisco routers and switches configured to use TACACS with the commands below:

aaa new-model

!

!

aaa authentication login method group tacacs+ local

aaa authentication login local_auth local

aaa authorization config-commands

aaa authorization exec method group tacacs+ local

aaa authorization commands 1 method group tacacs+ local

aaa authorization commands 7 method group tacacs+ local

aaa authorization commands 15 method group tacacs+ local

aaa accounting exec method start-stop group tacacs+

aaa accounting commands 1 method start-stop group tacacs+

aaa accounting commands 7 method start-stop group tacacs+

aaa accounting commands 15 method start-stop group tacacs+

!

ip tacacs source-interface Vlan100

tacacs-server host 192.168.1.6

tacacs-server host 10.1.22.35

tacacs-server directed-request

tacacs-server key cisco

Can anyone please tell me how to configure the same setup on the Nexus?

Regards

Angus

3 Replies

prasad.gsmc
Level 1

Hi,

Start with the feature tacacs+ command on the Nexus :-)

For the rest, you can refer to the following link:

http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_TACACS+,_RADIUS,_and_AAA_Comparison

If you have any issues, please post them here and I will be more than happy to help.

Regards

Prasad K

Hi Prasad,

Thanks for the reply.

I need to know the equivalent configuration for the above authorization commands on the Nexus.

I have configured the Nexus and it is working for authentication and accounting; now I need to implement the authorization part.

tacacs-server key 7 "1972"

ip tacacs source-interface Vlan8

tacacs-server host 192.168.1.6 key 7 "1972"

tacacs-server host 10.1.22.35 key 7 "1972"

aaa group server tacacs+ Tacacs

    server 192.168.1.6

    server 10.1.22.35

aaa authentication login default group Tacacs

aaa accounting default group Tacacs

tacacs-server directed-request

Please let me know what changes need to be made in ACS 5.2.

Regards

Angus

Hi All,

Thanks for all your replies.

I have configured the Nexus and added command attributes under the shell profile.

Nexus config

-----------------------------------------------------

tacacs-server key 7 "1972"

ip tacacs source-interface Vlan8

tacacs-server host 192.168.1.6 key 7 "1972"

tacacs-server host 10.1.22.35 key 7 "1972"

aaa group server tacacs+ Tacacs

    server 192.168.1.6

    server 10.1.22.35

aaa authentication login default group Tacacs

aaa authorization config-commands default group Tacacs

aaa authorization commands default group Tacacs

aaa accounting default group Tacacs

tacacs-server directed-request

ACS CONFIG

------------------------------------

Under Policy Element > Authorization and Permission > Device Administration > Shell Profiles > profilename > Custom Attributes > Add entry manual

Attribute : Shell

Requirement : Optional

Value : network-operator  (the role you require)

Regards

Angus
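
An added example, not posted by anyone in the thread: a small Python audit of the final NX-OS configuration above that lists the default method list for each AAA function, checks that every server in the group has a `tacacs-server host` entry, and reports type 7 keys and authorization lists with no `local` method. The helper name `audit_aaa` and the choice of checks are assumptions made for this example.

```python
import re

# Constructed input: the final NX-OS configuration posted in the thread above.
NXOS_CONFIG = """\
tacacs-server key 7 "1972"
ip tacacs source-interface Vlan8
tacacs-server host 192.168.1.6 key 7 "1972"
tacacs-server host 10.1.22.35 key 7 "1972"
aaa group server tacacs+ Tacacs
    server 192.168.1.6
    server 10.1.22.35
aaa authentication login default group Tacacs
aaa authorization config-commands default group Tacacs
aaa authorization commands default group Tacacs
aaa accounting default group Tacacs
tacacs-server directed-request
"""
FUNCS = ("authentication login", "authorization config-commands",
         "authorization commands", "accounting")
AAA_RE = re.compile(r"aaa (%s) default (.+)" % "|".join(FUNCS))

def audit_aaa(config):  # hypothetical helper, not a Cisco tool
    hosts, groups, methods, findings, current = set(), {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            current = None  # left any "aaa group server" block
        if m := re.match(r"tacacs-server host (\S+)", line):
            hosts.add(m.group(1))
        elif m := re.match(r"aaa group server tacacs\+ (\S+)", line):
            current = m.group(1)
            groups[current] = []
        elif current and (m := re.match(r"server (\S+)", line)):
            groups[current].append(m.group(1))
        elif m := AAA_RE.match(line):
            methods[m.group(1)] = m.group(2).split()
        if " key 7 " in line:  # type 7 is a reversible encoding, not a hash
            findings.append("type 7 key: " + line.split(" key ")[0])
    for name, servers in groups.items():
        findings += [f"group {name}: {s} has no tacacs-server host entry"
                     for s in servers if s not in hosts]
    for func in FUNCS:
        words = methods.get(func)
        if words is None:
            findings.append(f"no default method list for {func}")
        elif func.startswith("authorization") and "local" not in words:
            findings.append(f"{func}: no local method after the server group")
    return methods, findings
```

Run against the earlier configuration in the thread (before the two authorization lines were added), the same function reports both authorization method lists as missing.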