Rich,
You can assign privileges with RADIUS and do exec authorization, but not
command authorization or accounting.
There is a freeware TACACS+ server called tac_plus, originally released by us
many moons ago, though it still has community support.
Javier Henderson
jav...@cisco.com
> On Jul 3
On Wed, 2014-07-30 at 15:15 -0400, Andrew Wentzell wrote:
> On Wed, Jul 30, 2014 at 3:01 PM, Rich Lewis wrote:
> > And if so, is there a way (that people are happy implementing) to
> > get TACACS+ without buying Cisco ACS or ISE? (Don't expect you to
> > answer this bit Javier! ;-)
>
> tac_plus w
If you’re running windows you might try http://tacacs.net.
Thanks
Scott
On Jul 30, 2014, at 3:15 PM, Andrew Wentzell wrote:
> On Wed, Jul 30, 2014 at 3:01 PM, Rich Lewis wrote:
>
>> And if so, is there a way (that people are happy implementing) to get
>> TACACS+ without buying Cisco ACS or IS
On Wed, Jul 30, 2014 at 3:01 PM, Rich Lewis wrote:
> And if so, is there a way (that people are happy implementing) to get
> TACACS+ without buying Cisco ACS or ISE? (Don't expect you to answer this
> bit Javier! ;-)
>
tac_plus works well for me. It's free, stable, and not-a-headache to use.
ht
Am I correct in thinking that none of this fancy enable authentication,
authorization and accounting stuff is available if you use RADIUS rather than
TACACS+?
And if so, is there a way (that people are happy implementing) to get TACACS+
without buying Cisco ACS or ISE? (Don't expect you to answ
Thanks all. I think I had a bit of a brain freeze there.. It's been a while
since I've been configuring devices from scratch without a pre-exisiting
template.
With regard to the accounting, I'm using the syslog features to log the
commands that way rather than the TACACS server. I prefer being ab
You already got some good advice on this, I’d like to add a couple of comments.
Since you have “aaa authorization exec …” in your config, the privilege level
for the users could be assigned by the TACACS+ server, then the users would get
that upon log-in rather than having to type enable and ent
On Wed, Jul 30, 2014 at 8:39 AM, Sam Stickland wrote:
> I'm really stumped. Why does it not talk to the TACACS server for
> exec/enable?
>
You will need to add something like:
aaa authentication enable default group tacacs+ enable
You will also most likely want to add, at a minimum:
aaa a
sp-boun...@puck.nether.net] On Behalf Of Sam
Stickland
Sent: 30 July 2014 13:40
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] TACACS+ exec authorisation no working on Cisco 2960CG
Hi,
I have a very simple TACACS+ configuration that is still using the local
enable secret and not the the TAC
Hi,
I have a very simple TACACS+ configuration that is still using the local
enable secret and not the the TACACS server:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa session-id common
tacacs-server host x.x.x.x key 7 X
10 matches
Mail list logo