Solved

TACACS server

Posted on 2004-04-21
Last Modified: 2008-03-17
I am looking to install a TACACS server. We currently do not use any type of TACACS/Radius servers in our environment. Any points on what not to do/should do or any place that shows best practices for setting up either of these.
Question by:JaysonJackson
LVL 1

Accepted Solution

by:
ekahan earned 250 total points
ID: 10881899
You may want to take a look at the Cisco Secure Access Control Server (ACS). There is a free evaluation copy you can download from CISCO.

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/

As for the actual router configuration, you should look at this document from CISCO:

Configuring TACACS and Extended TACACS

http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9c6c.html
0
 

Author Comment

by:JaysonJackson
ID: 10884759
I have downloaded the evaluation ekahan recommended and the notes from Cisco, and they work. Thanks.
0
 
LVL 1

Expert Comment

by:ekahan
ID: 10884814
Happy to be of help.
0
 
LVL 17

Expert Comment

by:mikecr
ID: 11030112
You must keep in mind that it depends on what you're going to do with the TACACS/RADIUS server. They are not one and the same. A RADIUS server normally only provides authentication and authorization, whereas a TACACS server provides authentication, authorization, and accounting. It allows more granular control over what attributes are passed when used. You can grant specific rights using TACACS; however, a RADIUS server only does a basic authentication. A sample would be connecting to a router. If you use RADIUS, you can only be authenticated to the router and would normally have full control. If you used a TACACS server to do the same thing, you could set it up so that when a user would connect, they would only be allowed to run certain commands and would not have full control.
0
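A router-side AAA configuration covering what this thread describes (TACACS+ login, per-command authorization, and accounting), as an added example that is not from any poster or from Cisco's guide. It assumes classic IOS AAA syntax; the server address 192.0.2.10, the `<SHARED-KEY>` and `<LOCAL-SECRET>` placeholders, the `breakglass` account and the `CONSOLE` method-list name are constructed.

```cisco
! Added example: 192.0.2.10, <SHARED-KEY>, <LOCAL-SECRET>, breakglass and
! CONSOLE are constructed placeholders, not values from the thread.
!
! Local fallback account, used only when the TACACS+ server does not answer.
username breakglass privilege 15 secret <LOCAL-SECRET>
!
aaa new-model
!
! The TACACS+ server (for example the ACS host) and the key shared with it.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY>
!
! Authentication: ask TACACS+ first; fall back to the local account
! only if the server is unreachable.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! Authorization: the server decides whether a shell starts and, for each
! privilege level listed, whether each individual command may run.
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization config-commands
!
! Accounting: record sessions and every level-15 command on the server.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! The console uses a local-only method list, so a server-side or AAA
! mistake cannot lock out the last way into the device.
aaa authentication login CONSOLE local
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication default
```

Keep an existing session open while applying the authorization lines, and confirm that a TACACS+ login works from a second session before disconnecting.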
