TACACS+ with privilege levels.
I have a test box running TAC_Plus and a test switch for AAA at work. The switch is accessing the TACACS+ server just fine. Every time someone from the networking team moves on to another job, we have to reset the passwords. The network has 250+ devices on it, so a local database would be very tedious to manage. This is my first time working with AAA and TACACS+. I just need two accounts: one with limited access to commands defined by us, and a full level 15 Admin account. Below is the test setup. Am I even going in the right direction with this, or is there a better way?
Summary: Define Users with different privilege levels (support and admin). Fall back to line login if TACACS+ is not functional.
Code:
!
Code:
### tac_plus.conf file
Kyle
Your configuration looks pretty good to me, although you probably also want to add in aaa authorization commands so the network devices check what authenticated users can/cannot do. This page looked to be very similar to what you are trying to do:
http://bdsltd.co.uk/network/cisco/tacacs.htm
Quote:
I guess I'm just trying to see the links between who gets defined 15 access and who gets limited privileges. Thanks for the help,
Kyle
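Added example, not part of the original thread or of either poster's configuration: a tac_plus.conf sketch showing how a user is tied to level 15 or to a limited command set through group membership, with the IOS lines that make the switch honor it shown as comments. The user names, key, hashes and chosen commands are placeholders or assumptions.

```conf
# --- Cisco IOS side (assumed; the thread's switch config is not shown) ---
#   aaa new-model
#   aaa authentication login default group tacacs+ line
#   aaa authorization exec default group tacacs+ if-authenticated
#   aaa authorization commands 1 default group tacacs+ if-authenticated
#   aaa authorization commands 15 default group tacacs+ if-authenticated
# "authorization exec" makes the switch apply the priv-lvl sent by the server;
# "authorization commands N" makes it ask the server about each level-N command.

# --- tac_plus.conf ---
key = "REPLACE_WITH_SHARED_KEY"      # placeholder, must match the switch

# Full access: session starts at level 15, unlisted commands are permitted.
group = admin {
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}

# Limited access: session starts at level 1, and only the commands listed
# here are authorized (anything without a cmd entry is denied).
group = support {
    service = exec {
        priv-lvl = 1
    }
    cmd = show {
        permit .*
    }
    cmd = ping {
        permit .*
    }
    cmd = exit {
        permit .*
    }
}

# One user block per person (constructed names). The "member" line is the
# link between a login and its privileges; deleting the block revokes
# access on every device at once.
user = netadmin1 {
    member = admin
    login = des REPLACE_WITH_CRYPT_HASH
}
user = helpdesk1 {
    member = support
    login = des REPLACE_WITH_CRYPT_HASH
}
```

With `if-authenticated` as the authorization fallback, a session that logged in with the line password while the server was unreachable is not command-restricted, so the line password should be treated as an admin credential.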