The first step in setting up this new TACACS+ server will be to acquire the software from the repositories :<\/p>\n\n\n\n
root@debian-tacacs:~# apt-get install tacacs+ -y<\/strong><\/p>\n\n\n\n This file is where all the TACACS specifications should reside (user permissions, access control lists, host keys, etc). The first thing that needs to be created is a key for the network devices. edit file \/etc\/tacacs+\/tac_plus.conf. The following configuration created for multipe Vendor ( Cisco IOS, Cisco NXOS, Junos, F5, HP Comware, Brocade ICX, Brocade VDX )<\/p>\n\n\n\n group = admin { root@debian-tacacs:~# tac_pwd auth tacacs system-auth { aaa authentication login tacacs+ local-auth-fallback <\/p>\n\n\n\n AAA Configuration on Brocade ICX<\/p>\n\n\n\n aaa authentication login default tacacs+ enable <\/p>\n\n\n\n AAA Configuration on Cisco IOS XE<\/p>\n\n\n\n aaa new-model The first step in setting up this new TACACS+ server will be to acquire the software from the repositories : root@debian-tacacs:~# apt-get install tacacs+ -y This file is where all the TACACS specifications should reside (user permissions, access control lists, host keys, etc). The first thing that needs to be created is a key for…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/1"}],"collection":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1"}],"version-history":[{"count":23,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":72,"href":"https:\/\/rotreein.com\/index.php?rest_route=\/wp\/v2\/posts\/1\/revisions\/72"}],"wp:attachment":[{"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rotreein.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
default service = permit
service = exec {
priv-lvl = 15
optional brcd-role = admin
}
pap = PAM
service = ppp protocol = ip {
F5-LTM-User-Info-1 = resource
F5-LTM-User-Console = 1
F5-LTM-User-Role = 20
}
cmd = system-view {
permit .*
}
cmd = display {
permit .*
}
}
group = netoperator {
default service = deny
service = exec {
priv-lvl = 15
}
pap = PAM
service = ppp protocol = ip {
F5-LTM-User-Info-1 = operator
F5-LTM-User-Console = 1
F5-LTM-User-Role = 400
}
cmd = show {
permit .*
}
cmd = write {
permit .*
}
cmd = copy {
permit .*
}
cmd = exit {
permit .*
}
cmd = display {
permit current-configuration
}
cmd = display {
permit interface
}
cmd = display= {
permit version
}
cmd = save {
permit .*
}
}<\/strong>
group = netguest {
default service = deny
service = exec {
priv-lvl = 15
}
pap = PAM
service = ppp protocol = ip {
F5-LTM-User-Info-1 = guest
F5-LTM-User-Console = 1
F5-LTM-User-Role = 700
F5-LTM-User-Partition = all
}<\/strong>
cmd = show {
permit runn.*
}
cmd = exit {
permit .*
}
cmd = display {
permit current-configuration
}
}
user = groupuser { login = des TbLklpSxuUBdQ pap = des TbLklpSxuUBdQ member = netguest }
user = groupoperator { login = des TbLklpSxuUBdQ pap = des TbLklpSxuUBdQ member = netoperator }
user = groupadmin{ login = des TbLklpSxuUBdQ pap = des TbLklpSxuUBdQ member = netadmin }
<\/strong><\/p>\n\n\n\n
Example manually generated DES encryption password using tac_pwd<\/p>\n\n\n\n
Password to be encrypted: awasadakabel
TDp8zyr\/csMO
root@debian-tacacs:~#<\/strong><\/p>\n\n\n\n
AAA Configuration on BIGIP F5<\/p>\n\n\n\n
protocol ip
secret $M$4g$wSz5Qw7SXT2guZVejcY1Eg==
servers { 192.168.100.100 } # IP Tacacs+ Server
service ppp
}
auth remote-role {
role-info {
netadmin {<\/strong>
attribute F5-LTM-User-Info-1=resource
line-order 1
role resourceadmin
user-partition All
}
netguest {
attribute F5-LTM-User-Info-1=guest
line-order 5
role guest
user-partition All
}
netoperator {
attribute F5-LTM-User-Info-1=operator
line-order 2
role operator
user-partition All
}
}<\/strong><\/p>\n\n\n\n
AAA Configuration on HP Comware v7<\/p>\n\n\n\n#hwtacacs scheme tac<\/strong><\/code>
<\/strong>primary authentication <\/strong><\/code>192.168.100.100
<\/strong>primary authorization 192.168.100.100<\/strong><\/code>
<\/strong>primary authorization <\/strong><\/code>192.168.100.100
<\/strong>key authentication simple @password@<\/strong><\/code>
<\/strong>key authorization simple @password@<\/strong><\/code>
<\/strong>key accounting simple @<\/strong><\/code>password@
<\/strong>user-name-format without-domain <\/strong><\/code>
<\/strong>#domain system <\/strong><\/code>
<\/strong>authentication login hwtacacs-scheme tac local<\/strong><\/code>
<\/strong>authorization login hwtacacs-scheme tac local<\/strong><\/code>
<\/strong>accounting login hwtacacs-scheme tac local<\/strong><\/code>
<\/strong>authorization command hwtacacs-scheme tac local<\/strong><\/code>
<\/strong>accounting command hwtacacs-scheme tac<\/strong><\/code>
<\/strong>#domain defaultenable system<\/strong><\/code>
<\/strong>role default-role enable<\/strong><\/code>
<\/strong>authentication-mode scheme<\/strong><\/code>
<\/strong>superauthentication-mode scheme local<\/strong><\/code>
<\/strong>line vty 063<\/strong><\/code>
<\/strong>authentication-mode scheme<\/strong><\/code>
command authorization<\/strong><\/p>\n\n\n\n
AAA Configuration on Brocade VDX (NOS)<\/p>\n\n\n\n
aaa accounting exec default start-stop tacacs+
aaa accounting commands default start-stop tacacs+
tacacs-server host 172.16.69.29 use-vrf default-vrf
protocol pap
key BukaLapak
encryption-level 7
retries 100
!<\/strong><\/p>\n\n\n\n
aaa authentication login privilege-mode
aaa authorization commands 0 default tacacs+
aaa authorization exec default tacacs+
aaa accounting commands 0 default start-stop tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting system default start-stop tacacs+
enable aaa console
tacacs-server host 192.168.100.100
tacacs-server key @password@<\/strong><\/p>\n\n\n\n
aaa authentication login default group tacacs+ local-case
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 192.168.100.100
tacacs-server key @password@<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"