Improve company productivity with a Business Account.Sign Up

x
?
Solved

TACACS server

Posted on 2004-04-21
4
Medium Priority
?
2,415 Views
Last Modified: 2008-03-17
I am looking to install a TACACS server. We currently do not use any type of TACACS/Radius servers in our environment. Any points on what not to do/should do or any place that shows best practices for setting up either of these.
0
Comment
Question by:JaysonJackson
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
ekahan earned 1000 total points
ID: 10881899
You may want to take a look at the Cisco Secure Access Control Server (ACS). There is a free evaluation copy you can download from CISCO.

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/

As for the acctual router configuration you should look at this document from CISCO;

Configuring TACACS and Extended TACACS

http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9c6c.html
0
 

Author Comment

by:JaysonJackson
ID: 10884759
i have downloaded the evaluation ekahan recommended and the notes from Cisco and they work.  thanks
0
 
LVL 1

Expert Comment

by:ekahan
ID: 10884814
Happy to e of help.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 11030112
You must keep in mind it depends on what your going to do with the TACAC's/RADIUS server. They are both not one in the same. A radius server normally only provides authentication and authorization where a TACAC's server provides authentication, authorization, and accounting. It allows a more granular control over what attributes are passed when used. You can grant specific rights using TACAC's however a radius server only does a basic authentication. A sample would be connecting to a router. If you use Radius, you can only be authenticated to the router and would normally have full control. If you used a TACAC's server to do the same thing, you could set it up so that when a user would connect, they would only be allowed to run certain commands and would not have full control.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
In short, I will be giving a guide on how to install UNMS on a virtual machine in hyper-v and change the default port for security (you don’t need to have a server, since Windows 10 supports hyper-v)
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question