Tag: tacacs

Configuring a Huawei router to authenticate (also including authorization and accounting) to a TACACS+ server

10.10.10.10 – TACACS+/ACS/ISE/AAA server#1
10.10.10.11 – TACACS+/ACS/ISE/AAA server#2
20.20.20.2 – Loopback/source IP

Configure the TACACS server profile or template:

    hwtacacs-server template <PROFILENAME>
     hwtacacs-server authentication <TACACS IP#1>
     hwtacacs-server authentication <TACACS IP#2> secondary
     hwtacacs-server authorization <TACACS IP#1>
     hwtacacs-server authorization <TACACS IP#2> secondary
     hwtacacs-server accounting <TACACS IP#1>
     hwtacacs-server accounting <TACACS IP#2> secondary
     hwtacacs-server source-ip <SOURCE IP>
     hwtacacs-server shared-key cipher <TACACS KEY>
     hwtacacs-server user-name original

Sample Config:

    hwtacacs-server template freenetworktutorials  …

Huawei

It is recommended to separate management traffic from data/customer traffic on your datacenter switches, such as Cisco Nexus devices (e.g. Nexus 7000, Nexus 9000). Traffic passing through the management plane should be exclusively for management or administrative access, such as SSH, SNMP, NTP and AAA. Here are the recommended configurations and practices for these management services. Configure Authentication, Authorization and Accounting (AAA), preferably by setting up centralized TACACS+ to manage all your devices; some use Cisco® Identity Services Engine (ISE)…

Cisco

Configuring Juniper to authenticate (also including authorization and accounting) to a TACACS+ server

10.10.10.10 – TACACS+ AAA server
20.20.20.2 – Loopback IP

Juniper:

    system {
        host-name JUNIPER-ROUTER1;
        /* Try TACACS+ first, then fall back to the local password */
        authentication-order [ tacplus password ];
        root-authentication {
            encrypted-password "$r00tp44sw0rdh3r3/1"; ## SECRET-DATA
        }
        tacplus-server {
            10.10.10.10 {
                secret "$4ut0g3n3r4t3t4c4c5p455w0rd1"; ## SECRET-DATA
                single-connection;
                source-address 20.20.20.2;
            }
        }
        accounting {
            events interactive-commands;
            destination {
                tacplus {
                    server {
                        10.10.10.10 {
                            secret "$4ut0g3n3r4t3t4c4c5p455w0rd2"; ## SECRET-DATA
                            single-connection;
                            source-address 20.20.20.2;
                        }
                    }
                }
            }
        }
    }
    firewall {
        family inet {
            filter FIREWALL-RE…

Juniper