Solved

TACACS server

Posted on 2004-04-21
4
2,403 Views
Last Modified: 2008-03-17
I am looking to install a TACACS server. We currently do not use any type of TACACS/Radius servers in our environment. Any points on what not to do/should do or any place that shows best practices for setting up either of these.
0
Comment
Question by:JaysonJackson
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
ekahan earned 250 total points
ID: 10881899
You may want to take a look at the Cisco Secure Access Control Server (ACS). There is a free evaluation copy you can download from CISCO.

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/

As for the acctual router configuration you should look at this document from CISCO;

Configuring TACACS and Extended TACACS

http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9c6c.html
0
 

Author Comment

by:JaysonJackson
ID: 10884759
i have downloaded the evaluation ekahan recommended and the notes from Cisco and they work.  thanks
0
 
LVL 1

Expert Comment

by:ekahan
ID: 10884814
Happy to e of help.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 11030112
You must keep in mind it depends on what your going to do with the TACAC's/RADIUS server. They are both not one in the same. A radius server normally only provides authentication and authorization where a TACAC's server provides authentication, authorization, and accounting. It allows a more granular control over what attributes are passed when used. You can grant specific rights using TACAC's however a radius server only does a basic authentication. A sample would be connecting to a router. If you use Radius, you can only be authenticated to the router and would normally have full control. If you used a TACAC's server to do the same thing, you could set it up so that when a user would connect, they would only be allowed to run certain commands and would not have full control.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now