TACACS Authentication with iMC and AC

2023-10-24 11:53:49 Published

Network Topology

AC--SW--iMC    

Configuration Steps

1. Switch configuration:

#
hwtacacs scheme liang
 primary authentication xxx.168.207.116
 primary authorization xxx.168.207.116
 primary accounting xxx.168.207.116
 key authentication cipher $c$3$9a8o4Y2zeFeDPK2ypq8WXINP0usL9MogMYeNIqg=
 key authorization cipher $c$3$3f2qc9Evi+aVWp68RprJFaP2t+xUE4u1VI0Sz7Q=
 key accounting cipher $c$3$vQwmZmNXmP93/Tv2MSv1QgLjw0HGJmBkAaOB2zU=
 user-name-format without-domain
#
#
domain liang
 authentication login hwtacacs-scheme liang
 authorization login hwtacacs-scheme liang
 accounting login hwtacacs-scheme liang
#
#
line vty 0 4
 authentication-mode scheme
 user-role network-admin
 user-role network-operator
 idle-timeout 35791 0
#

 

2. TACACS server configuration

TACACS server configuration steps:

Step 1: Configure the device area.

Step 2: Configure the device type (can be ignored).

Step 3: Add your switch so that it is under control.

Step 4: Configure Authorized Time Range Policies.

Step 5: Configure Shell Profiles.

Step 6: Configure Command Sets.

Step 7: Configure Authorization Policies.

Step 8: Add the users who log in to the devices, and bind the policy.

Then test that the login works:

<AC>telnet  172.16.209.102
Trying 172.16.209.102 ...
Press CTRL+K to abort
Connected to 172.16.209.102 ...
Login: admin
Password:
E65060: Failed to check IP address binding.
AAA authentication failed.
Login: liang
Password:
******************************************************************************
* Copyright (c) 2004-2022 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
******************************************************************************

<Tacacs>

The correct debug output:

*Sep 27 11:52:31:966 2023 Tacacs TACACS/7/send_packet:
version: 0xc0  type: AUTHEN_REQUEST  seq_no: 1  flag: ENCRYPTED_FLAG
session-id: 0x38eae03d
length of payload: 39
action: LOGIN  priv_lvl: 0  authen_type: ASCII  service: LOGIN
user_len: 5   port_len: 4   rem_len: 12   data_len: 10
user: admin
port: vty1
rem_addr: 172.16.209.1
data: ******
*Sep 27 11:52:31:970 2023 Tacacs TACACS/7/EVENT: PAM_TACACS: Epoll event=1, src port = 14022.
*Sep 27 11:52:31:972 2023 Tacacs TACACS/7/EVENT: PAM_TACACS: Reply SocketFd received EPOLLIN event.
*Sep 27 11:52:31:974 2023 Tacacs TACACS/7/recv_packet:    <-- we can receive the TACACS server reply, but your environment cannot receive…
version: 0xc0  type: AUTHEN_REPLY  seq_no: 2  flag: ENCRYPTED_FLAG
session-id: 0x38eae03d
length of payload: 15
status: STATUS_GETPASS  flags: NOECHO
server_msg len: 9  data len: 0
server_msg: Password:
data:
*Sep 27 11:52:31:974 2023 Tacacs TACACS/7/EVENT: PAM_TACACS: Processing authentication reply packet.


Key Configuration

1. Make sure the key configured on the SW and on iMC is the same.

2. Make sure the radius section is configured the same on iMC and the SW.
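
Why item 1 matters, as an added example (not part of the original case and not H3C or iMC code): TACACS+ hides each packet body by XORing it with an MD5 pad derived from the session id, the shared key, the version and the sequence number (RFC 8907), so a server holding a different key decodes a body whose length fields no longer add up. The header fields and the user, port and rem_addr values come from the debug output above; the key strings and the 10 data bytes are constructed placeholders.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5 chain over session_id + key + version + seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()  # each round appends the previous digest
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; calling it again with the same key reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port, rem_addr, data):
    # action=LOGIN(1), priv_lvl=0, authen_type=ASCII(1), service=LOGIN(1), then 4 length bytes
    fixed = bytes([1, 0, 1, 1, len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data

def start_body_is_consistent(body):
    """A correctly decoded START body is 8 fixed bytes plus the four declared lengths."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

# Header values from the debug output; the data bytes and keys are constructed.
SESSION_ID, VERSION, SEQ_NO = 0x38EAE03D, 0xC0, 1
BODY = build_authen_start(b"admin", b"vty1", b"172.16.209.1", b"\x00" * 10)
SWITCH_KEY = b"example-key"  # hypothetical key configured on the switch

def server_accepts(server_key):
    """Obfuscate with the switch key, decode with the server key, sanity-check the result."""
    wire = obfuscate(BODY, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)
    decoded = obfuscate(wire, SESSION_ID, server_key, VERSION, SEQ_NO)
    return start_body_is_consistent(decoded)

if __name__ == "__main__":
    print("payload length:", len(BODY))  # matches "length of payload" in the debug
    print("same key on both sides:", server_accepts(b"example-key"))
    print("one character differs: ", server_accepts(b"Example-key"))
```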
