tacacs - Free Network

Best Security Practices for Huawei Routers on Management Plane

It is recommended to implement the separation of management and data/customer traffic in your Huawei Service Routers (e.g. NE40E Series). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. These are the steps on hardening the security on Huawei Routers. Management instance can be configured using these commands: ip vpn-instance STRING<1-31> description TEXT<1-242> ipv4-family Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization…

Huawei

AAA ACL authentication Banner header huawei info-center login management NTP password security SNMP SSH Syslog tacacs timezone vpn-instance

TACACS (AAA) Configuration on Huawei Router

Configuring Huawei Router to authenticate (also including authorization and accounting) to Tacacs+ server 10.10.10.10 – Tacacs+/ACS/ISE/AAA server#1 10.10.10.11 – Tacacs+/ACS/ISE/AAA server#2 20.20.20.2 – Loopback/source IP Configure the tacacs server profile or template hwtacacs-server template <PROFILENAME> hwtacacs-server authentication <TACACS IP#1> hwtacacs-server authentication <TACACS IP#2> secondary hwtacacs-server authorization <TACACS IP#1> hwtacacs-server authorization <TACACS IP#2> secondary hwtacacs-server accounting <TACACS IP#1> hwtacacs-server accounting <TACACS IP#2> secondary hwtacacs-server source-ip <SOURCE IP> hwtacacs-server shared-key cipher <TACACS KEY> hwtacacs-server user-name original Sample Config: hwtacacs-server template freenetworktutorials …

Huawei

AAA accounting acs authentication authorization huawei hwtacacs ise local-user scheme tacacs

One Comment

Best Security Practices for Cisco Nexus OS (NX-OS) on Management Plane

It is recommended to implement the separation of management and data/customer traffic in your Datacenter switches like Cisco Nexus devices (e.g. Nexus 7000, Nexus 9000). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization and Accounting (AAA) -preferably to setup centralized TACACS+ to manage all your devices, some uses Cisco® Identity Services Engine (ISE)…

Cisco

AAA Banner management plane NTP security SNMP SSH Syslog tacacs

TACACS (AAA) Configuration in Juniper

Configuring Juniper to authenticate (also including authorization and accounting) to Tacacs+ server 10.10.10.10 – Tacacs+ AAA server 20.20.20.2 – Loopback IP Juniper: system { host-name JUNIPER-ROUTER1; } authentication-order [ tacplus password ]; root-authentication { encrypted-password “$r00tp44sw0rdh3r3/1”; ## SECRET-DATA } tacplus-server { 10.10.10.10 { secret “$4ut0g3n3r4t3t4c4c5p455w0rd1”; ## SECRET-DATA single-connection; source-address 20.20.20.2; } } accounting { events interactive-commands; destination { tacplus { server { 10.10.10.10 { secret “$4ut0g3n3r4t3t4c4c5p455w0rd2”; ## SECRET-DATA single-connection; source-address 20.20.20.2; } } firewall { family inet { filter FIREWALL-RE…

Juniper

Juniper tacacs

2 Comments

This server has received 520821 hits from both ipv4 and ipv6.
IPv4	91.9%
IPv6	8.1%

Tag: <span>tacacs</span>

Best Security Practices for Huawei Routers on Management Plane

TACACS (AAA) Configuration on Huawei Router

Best Security Practices for Cisco Nexus OS (NX-OS) on Management Plane

TACACS (AAA) Configuration in Juniper