
Tacacs configuration for the Cisco device

Angus Bishop
Level 1

Hi Experts,

I have a Nexus 7k switch which needs to be configured for TACACS.

Currently I have Cisco routers and switches configured to use TACACS with the commands below:

aaa new-model
!
!
aaa authentication login method group tacacs+ local
aaa authentication login local_auth local
aaa authorization config-commands
aaa authorization exec method group tacacs+ local
aaa authorization commands 1 method group tacacs+ local
aaa authorization commands 7 method group tacacs+ local
aaa authorization commands 15 method group tacacs+ local
aaa accounting exec method start-stop group tacacs+
aaa accounting commands 1 method start-stop group tacacs+
aaa accounting commands 7 method start-stop group tacacs+
aaa accounting commands 15 method start-stop group tacacs+
!
ip tacacs source-interface Vlan100
tacacs-server host 192.168.1.6
tacacs-server host 10.1.22.35
tacacs-server directed-request
tacacs-server key cisco

Can anyone please tell me how to configure the same setup on the Nexus 7k?

Regards

Angus

4 Replies

Hi Lukee,

Thanks for the reply.

I need to know the equivalent configuration for the above authorization commands on the Nexus.

I have configured the Nexus and it is working; now I need to implement the authorization part.

tacacs-server key 7 "1972"
ip tacacs source-interface Vlan8
tacacs-server host 192.168.1.6 key 7 "1972"
tacacs-server host 10.1.22.35 key 7 "1972"
aaa group server tacacs+ Tacacs
    server 192.168.1.6
    server 10.1.22.35
aaa authentication login default group Tacacs
aaa accounting default group Tacacs
tacacs-server directed-request

Regards

Angus

Hi Angus,

Do the below config on your Nexus switch in order to get authorization.

aaa group server tacacs+ AAA-Server
aaa authentication login default group AAA-Server


feature tacacs+
ip tacacs source-interface Vlan2
tacacs-server host [ip address] key 7 "TEST"
aaa group server tacacs+ TacServer
    server [ip address]
    use-vrf
aaa authentication login default group TacServer
tacacs-server directed-request

Please rate the helpful posts.
Regards,
Naidu.

Hi All,

Thanks for all your replies.

I have configured the Nexus and added command attributes under the shell profile of ACS, and found everything is working fine.

Nexus config

-----------------------------------------------------

tacacs-server key 7 "1972"
ip tacacs source-interface Vlan8
tacacs-server host 192.168.1.6 key 7 "1972"
tacacs-server host 10.1.22.35 key 7 "1972"
aaa group server tacacs+ Tacacs
    server 192.168.1.6
    server 10.1.22.35
aaa authentication login default group Tacacs
aaa authorization config-commands default group Tacacs
aaa authorization commands default group Tacacs
aaa accounting default group Tacacs
tacacs-server directed-request

ACS CONFIG

------------------------------------

Under Policy Element > Authorization and Permission > Device Administration > Shell Profiles > profilename > Custom Attributes > Add entry manual

Attribute : Shell

Requirement : Optional

Value : network-operator (role you require)

Regards

Angus
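
An offline consistency check for the NX-OS lines this thread arrives at, added here as an example and not posted by any participant: it verifies that every server in an AAA group has a `tacacs-server host` line, that the four AAA method lists exist and point at a defined group, and reports how each key is stored. The function name, the finding strings and the choice of checks are assumptions of this example.

```python
import re

# Constructed input: the NX-OS lines from the last post in this thread.
SAMPLE_NXOS = """\
tacacs-server key 7 "1972"
ip tacacs source-interface Vlan8
tacacs-server host 192.168.1.6 key 7 "1972"
tacacs-server host 10.1.22.35 key 7 "1972"
aaa group server tacacs+ Tacacs
    server 192.168.1.6
    server 10.1.22.35
aaa authentication login default group Tacacs
aaa authorization config-commands default group Tacacs
aaa authorization commands default group Tacacs
aaa accounting default group Tacacs
tacacs-server directed-request
"""
METHODS = ["authentication login", "authorization config-commands",
           "authorization commands", "accounting"]  # lists used in the thread

def audit_nxos_aaa(config):
    """Return findings for the TACACS+/AAA lines of an NX-OS config (hypothetical helper)."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    hosts = set(re.findall(r"^tacacs-server host (\S+)", config, re.M))
    groups, current = {}, None
    for line in lines:  # collect the "server" lines indented under each group
        if m := re.match(r"aaa group server tacacs\+ (\S+)", line):
            current = groups.setdefault(m.group(1), [])
        elif line[0].isspace() and current is not None:
            if m := re.match(r"\s+server (\S+)", line):
                current.append(m.group(1))
        else:
            current = None
    # NX-OS exposes TACACS+ commands only after "feature tacacs+"; an excerpt without it is flagged.
    findings = [] if "feature tacacs+" in lines else ["missing: feature tacacs+"]
    for name, members in groups.items():
        for ip in sorted(set(members) - hosts):
            findings.append(f"group {name}: server {ip} has no tacacs-server host line")
    for method in METHODS:
        m = re.search(rf"^aaa {method} default group (\S+)", config, re.M)
        if not m:
            findings.append(f"missing: aaa {method} default")
        elif m.group(1) not in groups:
            findings.append(f"aaa {method}: group {m.group(1)} is not defined")
    for line in lines:  # type 7 is stored in reversible form; no type means cleartext in the file
        if m := re.search(r"\bkey (\S+)", line):
            kind = "type 7 key" if m.group(1) == "7" else "cleartext key"
            findings.append(f"{kind}: {line.split(' key ')[0]}")
    return findings
```

Either key finding means the configuration file and its backups hold the shared secret and need to be protected accordingly.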