Solved

TACACS server

Posted on 2004-04-21
4
2,401 Views
Last Modified: 2008-03-17
I am looking to install a TACACS server. We currently do not use any type of TACACS/Radius servers in our environment. Any points on what not to do/should do or any place that shows best practices for setting up either of these.
0
Comment
Question by:JaysonJackson
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
ekahan earned 250 total points
ID: 10881899
You may want to take a look at the Cisco Secure Access Control Server (ACS). There is a free evaluation copy you can download from CISCO.

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/

As for the acctual router configuration you should look at this document from CISCO;

Configuring TACACS and Extended TACACS

http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9c6c.html
0
 

Author Comment

by:JaysonJackson
ID: 10884759
i have downloaded the evaluation ekahan recommended and the notes from Cisco and they work.  thanks
0
 
LVL 1

Expert Comment

by:ekahan
ID: 10884814
Happy to e of help.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 11030112
You must keep in mind it depends on what your going to do with the TACAC's/RADIUS server. They are both not one in the same. A radius server normally only provides authentication and authorization where a TACAC's server provides authentication, authorization, and accounting. It allows a more granular control over what attributes are passed when used. You can grant specific rights using TACAC's however a radius server only does a basic authentication. A sample would be connecting to a router. If you use Radius, you can only be authenticated to the router and would normally have full control. If you used a TACAC's server to do the same thing, you could set it up so that when a user would connect, they would only be allowed to run certain commands and would not have full control.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now