TACACS+ Configuration on Packet Tracer

tacacs-config-on-packet-tracer

Cisco TACACS+ Configuration

 

TACACS+ is one of the AAA Protocols originally created by Cisco. But after a while it became a Standard AAA Protocol. In this lesson, we will learn Cisco TACACS+ Configuration on Packet Tracer.

tacacs-config-on-packet-tracer

We will configure the below topoology for Cisco TACACS+ Configuration.

Here, we will do the TACACS+ Configuration on Cisco Switch. And in the AAA Server, we will define AAA Credentials. Anyone who is defined in AAA Server, can access to the switch via Telnet. For this, we will also define telnet login method on Cisco switch.

Now, let’s see that what will we do in this Packet Tracer Configuration lesson step by step:

  1. IP Configurations
    1. Server IP Configuration
    2. Switch VLAN Interface IP Configuration
    3. PC and Laptop IP Configuration
  2. Switch AAA TACACS+ Configuration
    1. Enabling AAA
    2. Setting Username / Password
    3. Setting Authetication Method
    4. Assigning TACACS Server
    5. Telnet Configuration
    6. TACACS+ Authorisation Configuration
    7. TACACS+ Accounting Configuration

 

  1. AAA Server TACACS+ Configuration
  2. Testing TACACS+ Via Telnet

 

IP Configurations

 

Server IP Address Configuration

 

Our AAA Server IP will be 192.168.0.1/24. We will configure it on the server. We can configure it in the desktop, ip configuration part.

 

TACACS-server-configuration

Switch VLAN Interface IP Configuration

 

On the switch, we will give an IP address to VLAN 1 interface. Then we will use “no shutdown” command to open this vlan interface.

Switch# configure terminal

Switch(config)# interface Vlan 1

Switch(config-vlanif)# ip address 192.168.0.2 255.255.255.0

Switch(config-vlanif)# no shutdown

Switch(config-vlanif)# end

 

PC and Laptop IP Configuration

 

We will configure the IP addressses of each PC and Laptop like below:

 

PC0 : 192.168.0.5/24

PC1 : 192.168.0.6/24

Laptop  : 192.168.0.7/24

 

tacacs-config-2

After the configurations, we will successfully ping from PCs to switch VLAN interface and AAA Server Address.

 

 

Switch AAA TACACS+ Configuration

 

Enabling AAA

 

On the switch we will define the below AAA configuration steps. Firstly, we will enable AAA  with “aaa-new model” command.

 

 

Switch(config)# aaa new-model

 

 

Setting Username / Password

 

Then, we will define username and password for our user. Here, our username will be “ipcisco” and password will be “abc123”.

 

Switch(config)# username ipcisco password abc123

 

 

Setting Authetication Method

 

In this step we will define the authentication as TACACS+ and we will set the used list name. Here, our list name is IPCISCOAUTH here.

 

 

Switch(config)# aaa authentication login IPCISCOAUTH group tacacs+ local

 

 

At the end of our command, there is a keyword “local”. This provide using username database for authentication. We can use “enable” instead of this. At tthat time, enable password is used for authentication.

 

Assigning TACACS Server

 

 

In this step, we will set the TACACS+ Server that we will use with a key. This key will be “xyz”. It is used only between the switch and the TACACS+ Server.

 

Switch(config)# tacacs-server host 192.168.0.1 key xyz

 

 

Telnet Configuration

 

We will configure telnet sessions to use IPCISCOAUTH as login authentication.

 

Switch(config)# line vty 0 4

 

Switch(config-line)# login authentication IPCISCOAUTH

 

 

TACACS+ Authorisation Configuration

 

In this step we will configure TACACS+ Authorisation with the below commands. Here, “exec” command configures  TACACS+ only if the users has privileged “exec” access.  Instead, we can use “network” keyword, to configure for this for all network services.

 

Switch(config)# aaa authorisation exec default group tacacs+

 

 

TACACS+ Accounting Configuration

 

In this step we will set accounting for TACACS+. Here, again there is an “exec” command and a “network” command. “exec” is used for priviledged exec mode and “network” is used for all network activities.

 

Switch(config)# aaa accounting exec start-stop tacacs+

 

 

 

AAA Server TACACS+ Configuration

 

On the AAA Server, we will go to the services tab and in this tab, we will select AAA at the left hand. In here, we will enable the service with selecting “on” and we will do the required configuration.

 

We will set the client name, here, our client name is switch (swithc’s name).

We will set the client IP, it is 192.168.0.2 (VLAN 1 Interface IP).

We will set the secret key, it is “xyz” like we have configured on switch.

We will set the server type as TACACS.

 

After setting all these, we will add this to the configuration with “add” button.

 

aaa-server-tacacs-config

 

After that we will set the user setup part with the user login information. We have also set these credentials like below:

 

username : ipcisco

password : abc123

 

cisco-tacacs-server-configuraiton

 

 

Testing TACACS+ Via Telnet

 

After all these configurations, we will test our TACACS+ Configuration via Telnet. TO do this, we will enter the command prompt on a PC and then start a telnet session towards the switch VLAN interface 1.

 

C:\> telnet 192.168.0.2

 

 

After this command, we will be asked username and password. With our user credentials, we will access the switch cli.

 

username : ipcisco

password : abc123

testing-tacacs-via-telnet

 

Lesson tags: AAA, RADIUS, TACACS+
Back to: CCIE > AAA

Leave a Reply

Your email address will not be published. Required fields are marked *




CCIE