Problem Configuring TACACS+ Server for AAA to Access Router via Telnet


  • Problem Configuring TACACS+ Server for AAA to Access Router via Telnet

    I would use Cisco Secure ACS, but it requires a support contract. Unfortunately, I have to resort to a third-party TACACS+ server.

    I'm trying to configure ClearBox to authenticate users who enter a username and password to access my router. I'm having problems entering the username and password into ClearBox. The documentation does not explain clearly how to configure it.

    I can currently telnet into it remotely using a local username and password, but I want the TACACS+ server (installed on a PC) to handle AAA instead.

    Can someone assist me in properly configuring ClearBox?

    Below is my configuration; the diagram is attached:

    studyrouter#sh runn
    Building configuration...

    Current configuration : 4707 bytes
    !
    ! Last configuration change at 09:17:42 MST Tue May 6 2008 by tsignal32
    ! NVRAM config last updated at 22:39:08 MST Sat May 3 2008 by tsignal32
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! NOTE(review): 'service password-encryption' only applies type-7 encoding,
    ! which is reversible; it hides passwords from shoulder-surfing, not from
    ! anyone who obtains this text. Since this config has been posted, treat
    ! every type-7 value below (enable, username, line, TACACS+ key) as disclosed
    ! and rotate them.
    service password-encryption
    !
    hostname studyrouter
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 4096 debugging
    ! 'enable secret' (MD5 hash) is the one IOS uses when both are configured;
    ! the type-7 'enable password' below is redundant and reversible.
    enable secret 5 $1$qPFa$Oj.SOSZq11B0V.ccD...p/
    enable password 7 1414130900012E2A332F
    !
    clock timezone MST -7
    ! Turns on AAA method lists. With aaa new-model, the 'default' lists below
    ! apply to every line (con/aux/vty) that does not name its own list.
    aaa new-model
    !
    !
    ! Login: ask TACACS+ first; IOS only moves to the next method on an error
    ! (server unreachable), not on a reject, so the fallbacks are the line
    ! password and then the enable secret.
    aaa authentication login default group tacacs+ line enable
    ! Enable mode: TACACS+ first, then the local enable secret, then line password.
    aaa authentication enable default group tacacs+ enable line
    ! PPP (the PPTP Virtual-Template1 below) authenticates against local
    ! 'username' entries only; TACACS+ is not consulted for VPN peers.
    aaa authentication ppp default local
    ! Any authenticated user is granted an exec shell without asking TACACS+.
    aaa authorization exec default if-authenticated
    ! NOTE(review): the trailing 'none' means level-1 command authorization
    ! succeeds unconditionally if the earlier methods error out (fail-open).
    aaa authorization commands 1 default group tacacs+ if-authenticated none
    aaa accounting exec default start-stop group tacacs+
    ! Only privilege-15 commands are accounted; the level-1 commands that are
    ! authorized above are not recorded.
    aaa accounting commands 15 default start-stop group tacacs+
    aaa session-id common
    ip subnet-zero
    ip cef
    !
    !
    ! DNS server addresses in the pools below were redacted by the poster.
    ip dhcp pool VLAN2
    network 192.168.2.0 255.255.255.0
    dns-server 68.xxx.28.xx
    default-router 192.168.2.2
    !
    ip dhcp pool VLAN3
    network 192.168.3.0 255.255.255.0
    dns-server 68.xxx.28.xx
    default-router 192.168.3.3
    !
    ip dhcp pool VLAN5
    network 192.168.5.0 255.255.255.0
    dns-server 68.xxx.28.xx
    default-router 192.168.5.5
    !
    ip dhcp pool MYPOOL
    network 192.168.1.0 255.255.255.0
    dns-server 68.xxx.28.xx
    default-router 192.168.1.1
    !
    ip audit po max-events 100
    vpdn enable
    vpdn ip udp ignore checksum
    !
    ! PPTP dial-in: peers land on Virtual-Template1 below.
    vpdn-group tsignal33
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    !
    ! Full-privilege local account with a type-7 (reversible) password; PPTP
    ! peers authenticate against this entry (aaa authentication ppp default
    ! local). Prefer 'username ... secret' so the password is hashed.
    username tsignal32 privilege 15 password 7 06050E23404B0D181210
    !
    !
    ! Upstream link; the default route below points at 192.168.4.222.
    interface FastEthernet0/0
    ip address 192.168.4.223 255.255.255.0
    duplex auto
    speed auto
    !
    ! Inside LAN; the TACACS+ server (192.168.1.2) is on this subnet.
    interface FastEthernet0/1
    ip address 192.168.1.1 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1.2
    encapsulation dot1Q 2
    ip address 192.168.2.2 255.255.255.0
    no snmp trap link-status
    !
    interface FastEthernet0/1.3
    encapsulation dot1Q 3
    ip address 192.168.3.3 255.255.255.0
    no snmp trap link-status
    !
    interface FastEthernet0/1.5
    encapsulation dot1Q 5
    ip address 192.168.5.5 255.255.255.0
    no snmp trap link-status
    !
    interface Virtual-Template1
    ip unnumbered FastEthernet0/1
    peer default ip address pool defaultpool
    ppp encrypt mppe auto required
    ! NOTE(review): MS-CHAP v1 is accepted alongside v2; v1 is the weaker of
    ! the two, so consider offering only ms-chap-v2.
    ppp authentication ms-chap ms-chap-v2
    !
    ip local pool defaultpool 192.168.2.20 192.168.2.55
    ! Plain-text HTTP management is enabled alongside HTTPS; disable
    ! 'ip http server' if the web UI is not needed.
    ip http server
    ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.4.222
    !
    !
    !
    ! The shared key is type-7 encoded (reversible) and has been posted, so
    ! rotate it on both the router and ClearBox. No 'tacacs-server timeout' is
    ! set, so the IOS default applies before the 'line' fallback kicks in.
    tacacs-server host 192.168.1.2 key 7 0839545611011D0F0A13141C3233
    tacacs-server directed-request
    ! NOTE(review): read-WRITE community with no access-list, equal to the
    ! hostname: anyone who can reach UDP/161 can reconfigure the device. Use RO
    ! unless writes are required, bind an ACL, and rotate it now that it is public.
    snmp-server community studyrouter RW
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps xgcp
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps isdn chan-not-avail
    snmp-server enable traps isdn ietf
    snmp-server enable traps hsrp
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps config-copy
    snmp-server enable traps envmon
    snmp-server enable traps bgp
    snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
    snmp-server enable traps ipmulticast
    snmp-server enable traps msdp
    snmp-server enable traps rsvp
    snmp-server enable traps frame-relay
    snmp-server enable traps frame-relay subif
    snmp-server enable traps rtr
    snmp-server enable traps syslog
    snmp-server enable traps stun
    snmp-server enable traps dlsw
    snmp-server enable traps bstun
    snmp-server enable traps dial
    snmp-server enable traps dsp card-status
    snmp-server enable traps atm subif
    snmp-server enable traps pppoe
    snmp-server enable traps ipmobile
    snmp-server enable traps isakmp policy add
    snmp-server enable traps isakmp policy delete
    snmp-server enable traps isakmp tunnel start
    snmp-server enable traps isakmp tunnel stop
    snmp-server enable traps ipsec cryptomap add
    snmp-server enable traps ipsec cryptomap delete
    snmp-server enable traps ipsec cryptomap attach
    snmp-server enable traps ipsec cryptomap detach
    snmp-server enable traps ipsec tunnel start
    snmp-server enable traps ipsec tunnel stop
    snmp-server enable traps ipsec too-many-sas
    snmp-server enable traps voice poor-qov
    snmp-server enable traps dnis
    ! 192.168.1.1 is this router's own FastEthernet0/1 address; confirm the
    ! intended trap receiver (the TACACS+/management PC is 192.168.1.2).
    snmp-server host 192.168.1.1 version 2c studyrouter
    !
    !
    !
    !
    ! Banner text runs from the first ^C to the closing ^C, including the blank
    ! lines; do not place '!' comments inside it.
    banner login ^Canner login



    Access for authorized users Only. Please enter username and password.
    ^C
    !
    line con 0
    ! Same type-7 string as the tsignal32 username above, i.e. the same
    ! password. With aaa new-model the console presumably also uses the
    ! 'default' login list, so this is only consulted if TACACS+ errors out
    ! -- confirm on a test login.
    password 7 06050E23404B0D181210
    line aux 0
    line vty 0 4
    exec-timeout 15 0
    password 7 104D081B0912160A1B03
    ! NOTE(review): this names a login list "tacacs+", but only the 'default'
    ! login list is defined above (aaa authentication login default ...).
    ! Either define 'aaa authentication login tacacs+ group tacacs+ ...' or
    ! change this to 'login authentication default'; verify which list the vty
    ! actually uses with 'debug aaa authentication' during a test login.
    login authentication tacacs+
    ! Telnet sends the username/password to the router in clear text; prefer
    ! 'transport input ssh' if the image supports it, and add an 'access-class'
    ! restricting which sources may open a management session.
    transport input telnet
    !
    ntp clock-period 17180560
    ntp server 132.163.4.101
    !
    end

    studyrouter#