Tacacs Enable on Cisco Terminal Server

ganeshp
Level 1

Is it possible to have network admins authenticate via TACACS for username and password and log all the transactions, but have free-flow access for the terminal server? In other words, TACACS for network admins but no TACACS for end-user terminal server access. If possible, is there any sample config that I can refer to?

regards,

Ganesh

1 Reply

lgijssel
Level 9

Dear Ganesh,

This is not as difficult as it may seem. Under aaa configuration, you specify for which connections you want to use a certain login method.

It is not usual to make the TS connection authenticate locally, but it can still be done. You will have to enter a username/password for any user on all servers to make this information locally available.

Below I have listed a setup as I use it myself, and I have put some comments after the lines (following >). This is something that you can check in the aaa commands for yourself. Here we go:

define your user database:

username test1 password cisco

etc

aaa new-model

aaa authentication login default tacacs+ > describe the default method to authenticate, in your case this will be 'local', I presume.

aaa authentication login no_tacacs enable > used for console access, see below. The enable passwd is the passwd required for this method.

aaa authentication ppp default tacacs+ > the default for ppp sessions, can be omitted (as the default states local) or changed to local.

aaa authorization exec default tacacs+ > to get on the prompt, tacacs must be used. You will need this line.

aaa authorization network default tacacs+ > Applies to network connections

aaa accounting suppress null-username

aaa accounting update newinfo

aaa accounting exec default start-stop tacacs+ > Used to log connections

aaa accounting network default start-stop tacacs+ > similar

aaa accounting connection default start-stop tacacs+ > similar

in the config you need to define the tacacs server:

tacacs-server host 10.11.19.4

tacacs-server key -enter-your-key-here-

on the console line, create a backdoor:

line con 0

login authentication no_tacacs

This is not a tutorial, I did this mainly from memory.

I could set it up this way, but don't nail me on the exact syntax.

Hopefully, you have enough info now to get going.
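As an added worked example (not lgijssel's own config or anything from the original post), here is a complete IOS snippet that does what Ganesh asked: named method lists send admin logins on the vty lines through TACACS+ with exec and command accounting, while the async terminal server lines get a `none` list, which skips authentication entirely and must therefore never be applied to the vty or console lines. Assumed: a 16-port async terminal server, the `group tacacs+` method syntax of newer IOS, and the TACACS+ server address used in the reply.

```cisco
! Added example, not the config posted above. Assumes a 16-port async
! terminal server, TACACS+ server 10.11.19.4 (address from the reply),
! and IOS "group tacacs+" method-list syntax.
aaa new-model
!
! Named method lists instead of "default", so that no line falls through
! to a method it was not meant to use. ADMIN tries TACACS+ first and
! uses the local database only if every server is unreachable.
aaa authentication login ADMIN group tacacs+ local
aaa authorization exec ADMIN group tacacs+ local
aaa accounting exec ADMIN start-stop group tacacs+
aaa accounting commands 15 ADMIN start-stop group tacacs+
!
! TSUSERS performs no authentication at all: apply it only to the
! reverse-telnet async lines, never to the vty lines.
aaa authentication login TSUSERS none
!
! Local fallback account for the ADMIN list (password is a placeholder).
username admin privilege 15 secret REPLACE-ME
!
tacacs-server host 10.11.19.4
tacacs-server key REPLACE-WITH-SHARED-KEY
!
! Admin access to the router itself: TACACS+ login, exec authorization,
! and accounting of every session and privileged command.
line vty 0 4
 login authentication ADMIN
 authorization exec ADMIN
 accounting exec ADMIN
 accounting commands 15 ADMIN
 transport input ssh
!
! Terminal server ports (reverse telnet to TCP 2001-2016): free flow,
! no login prompt, no exec on the line.
line 1 16
 login authentication TSUSERS
 no exec
 transport input all
!
! Console keeps the enable-password method from the reply above.
aaa authentication login no_tacacs enable
line con 0
 login authentication no_tacacs
```

Verify with `show running-config | section aaa|line` that TSUSERS appears only under `line 1 16`; with `aaa new-model` enabled, any line without an explicit `login authentication` uses the default list, so keep the default pointed at TACACS+ rather than at `none`.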
