01 Dec

TACACS+ (tac_plus) with Brocade IronStack

This post shows how to configure a TACACS+ server for system authentication in Brocade IronStack with open source tac_plus software.

Brocade IronStack configuration
aaa authentication web-server default local
aaa authentication login default tacacs+ enable local
aaa authentication login privilege-mode
aaa accounting commands 0 default start-stop tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting system default start-stop tacacs+
tacacs-server host 10.14.14.55
tacacs-server host 10.18.15.145
tacacs-server key NASKEYHERE
tacacs-server timeout 10
ip tacacs source-interface ve 998

reference: http://www1.brocade.com/downloads/documents/html_product_manuals/FI_ICX6650_07500_SCG/wwhelp/wwhimpl/common/html/wwhelp.htm#context=Security-converted&file=FI_Security.03.6.html

11 Oct

TACACS+ (tac_plus) with Juniper Netscreen SSG

This post shows how to configure a TACACS+ server for system authentication in Juniper Netscreen SSG with open source tac_plus software.

Juniper Netscreen SSG Configuration
set auth-server TACACS id 1
set auth-server TACACS server-name 192.168.1.100
set auth-server TACACS backup1 192.168.1.200 (optional)
set auth-server TACACS account-type admin
set auth-server TACACS type tacacs
set auth-server TACACS tacacs secret Tacacssecret1
set auth-server TACACS tacacs port 49
set admin auth server TACACS
set admin auth remote primary
set admin auth remote root
set admin privilege get-external

tac_plus configuration
key = Tacacssecret1
group = netscreen {
    service = netscreen {
        vsys = root
        privilege = root
    }
}
user = nmsns {
    default service = permit
    login = file /etc/passwd
    member = netscreen
}

11 Oct

TACACS+ (tac_plus) with Juniper SRX

This post shows how to configure a TACACS+ server for system authentication in Juniper SRX with open source tac_plus software.

Juniper SRX configuration
Connect to the SRX and enter configuration mode.
root@SRX-FW% cli
{primary:node1}
root@SRX-FW> configure
warning: Clustering enabled; using private edit
warning: uncommitted changes will be discarded on exit
Entering configuration mode

{primary:node1}[edit]
root@SRX-FW#

Add a new TACACS+ server and set its IP address.
root@SRX-FW# set system tacplus-server 172.16.98.24

Specify the shared secret (password) of the TACACS+ server.
root@SRX-FW# set system tacplus-server 172.16.98.24 secret Tacacssecret1

Specify the device’s loopback address as the source address.
root@SRX-FW# set system tacplus-server 172.16.98.24 source-address 10.0.0.1

Use a single connection for authentication.
root@SRX-FW# set system tacplus-server 172.16.98.24 single-connection

Set the authentication order.
root@SRX-FW# set system authentication-order tacplus
root@SRX-FW# set system authentication-order password

Set accounting logging.
root@SRX-FW# set system accounting events login
root@SRX-FW# set system accounting events change-log
root@SRX-FW# set system accounting events interactive-commands
root@SRX-FW# set system accounting destination tacplus

Verify configuration
root@SRX-FW# show system tacplus-server
root@SRX-FW# show system accounting

tac_plus configuration
key = Tacacssecret1
group = srx {
    service = junos-exec {
        local-user-name = root
    }
}

user = srxadmin {
    default service = permit
    login = file /etc/passwd
    member = srx
}

21 Nov

AAA configuration using TACACS+ (Cisco IOS and HP Procurve)

Basic configuration in IOS

aaa new-model
tacacs-server host 192.168.1.1 timeout 10 key sup36s3c63t
tacacs-server directed-request
aaa authentication login default group tacacs+ local enable
aaa authentication login SSH group tacacs+
aaa authentication login CONSOLE local
aaa authentication enable default group tacacs+ enable none
aaa authorization exec default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common

line con 0
login authentication CONSOLE

line vty 0 4
login authentication SSH
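
The method lists above decide what the device does when the TACACS+ server does not answer: IOS moves to the next method only on an error, and a trailing "none" then lets the request through unchecked. The following Python check is an added example, not part of the original post; it parses the aaa lines from this configuration and flags lists that fail open or that have no local method to fall back on. The rule names "fail-open" and "no-local-fallback" are labels chosen for this example.

```python
import re

# AAA lines copied from the IOS configuration above (sample input).
IOS_CONFIG = """\
aaa authentication login default group tacacs+ local enable
aaa authentication login SSH group tacacs+
aaa authentication login CONSOLE local
aaa authentication enable default group tacacs+ enable none
aaa authorization exec default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
"""

# aaa <type> <service> [privilege-level] <list-name> <method> [<method> ...]
AAA_LINE = re.compile(
    r"^aaa (authentication|authorization) (\S+)(?: (\d+))? (\S+) (.+)$")


def parse_methods(text):
    """Split a method list, keeping 'group <name>' together as one method."""
    words = text.split()
    methods, i = [], 0
    while i < len(words):
        step = 2 if words[i] == "group" and i + 1 < len(words) else 1
        methods.append(" ".join(words[i:i + step]))
        i += step
    return methods


def audit(config):
    """Return (rule, line) findings for authentication/authorization lists."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        match = AAA_LINE.match(line)
        if not match:
            continue  # accounting and non-AAA lines are out of scope here
        methods = parse_methods(match.group(5))
        if methods[-1] == "none":
            # Reached only when every earlier method returns an error,
            # e.g. the TACACS+ servers are unreachable: the check is skipped.
            findings.append(("fail-open", line))
        elif all(m.startswith("group ") for m in methods):
            # No local method: an unreachable server blocks this list entirely.
            findings.append(("no-local-fallback", line))
    return findings


if __name__ == "__main__":
    for rule, line in audit(IOS_CONFIG):
        print(f"{rule:18} {line}")
```

On this configuration it reports the SSH login list as having no local fallback and the enable, exec and commands 15 lists as failing open.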

Basic configuration in HP Procurve (as of version WB.15.12.0010)
HP-2920-24G-PoEP(config)# tacacs-server host 192.168.1.1 key sup36s3c63t
HP-2920-24G-PoEP(config)# aaa authentication console login tacacs local
HP-2920-24G-PoEP(config)# aaa authentication console enable tacacs local
HP-2920-24G-PoEP(config)# aaa authentication ssh login tacacs local
HP-2920-24G-PoEP(config)# aaa authentication ssh enable tacacs local

Tested using this TACACS+ config
Explanation for Cisco AAA Configuration
Explanation for HP Procurve AAA Configuration
