Configuring TACACS Client for Remote Login Authentication

Configuration Guidelines

  1. Configure the TACACS+ server before configuring TACACS+ features on the NAS.
  2. To establish communication with the TACACS+ server, configure the server IP address and the secret key. The secret key must be specific to the client and the server so that communication can be established between them.
  3. The authentication method must be explicitly specified as TACACS+.

Default Configurations

Table 1. Default Configurations

Feature                         Default Setting
tacacs-server timeout           5 seconds
tacacs-server encryption key    IS5Com
login authentication            Local

Configuration Steps

For setup, refer to Figure Topology Setup for TACACS+.

At NAS

  1. To configure the TACACS+ server host and TACACS+ login authentication, execute the following commands in the switch ISS1.

    Type the following:

    • Enter the Global Configuration Mode in ISS1.
    iS5comm# configure terminal
    • Configure the TACACS+ server host.
    iS5comm(config)# tacacs-server host 13.0.0.20 timeout 6 key IS5ComTacacs
    • Configure the router to use TACACS+ for authentication at the login prompt.
    iS5comm(config)# login authentication tacacs local
    • Exit from the Global Configuration Mode.
    iS5comm(config)# end
    • Configure the active server; this server is used for authentication and other servers are backup servers.
    iS5comm(config)# tacacs use-server address 13.0.0.20
  2. View the server-specific configurations and TACACS+ statistics by executing the following show command.

    Type the following:

    iS5comm# show tacacs
    Server : 1
    Server address         : 13.0.0.20
    Address Type           : IPV4
    Single Connection      : no
    TCP port               : 49
    Timeout                : 6
    Secret Key             :
    Server : 2
    Server address         : 2003::1
    Address Type           : IPV6
    Single Connection      : no
    TCP port               : 4949
    Timeout                : 6
    Secret Key             :
    Active Server address: 13.0.0.20
    Authen. Starts sent    : 0
    Authen. Continues sent : 0
    Authen. Enables sent   : 0
    Authen. Aborts sent    : 0
    Authen. Pass rvcd.     : 0
    Authen. Fails rcvd.    : 0
    Authen. Get User rcvd. : 0
    Authen. Get Pass rcvd. : 0
    Authen. Get Data rcvd. : 0
    Authen. Errors rcvd.   : 0
    Authen. Follows rcvd.  : 0
    Authen. Restart rcvd.  : 0
    Authen. Sess. timeouts : 0
    Author. Requests sent  : 0
    Author. Pass Add rcvd. : 0
    Author. Pass Repl rcvd : 0
    Author. Fails rcvd.    : 0
    Author. Errors rcvd.   : 0
    Author Follows rcvd.   : 0
    Author. Sess. timeouts : 0
    Acct. start reqs. sent : 0
    Acct. WD reqs. sent    : 0
    Acct. Stop reqs. sent  : 0
    Acct. Success rcvd.    : 0
    Acct. Errors rcvd.     : 0
    Acct. Follows rcvd.    : 0
    Acct. Sess. timeouts   : 0
    Malformed Pkts. rcvd.  : 0
    Socket failures        : 0
    Connection failures    : 0
  3. View the system information by executing the following command.

    Type the following:

    iS5comm# show system information
    Hardware Version                  : 5.2.4
    Firmware Version                  : 5.0.0.0
    Switch Name                       : ISS
    System Location                   : iS5Com
    Logging Option                    : Console Logging
    Login Authentication Mode         : Remote
    Config Save Status                : Not Initiated
    Remote Save Status                : Not Initiated
    Config Restore Status             : Not Initiated
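
A check that can be run over the command lines entered in the NAS steps above, as an added example (not iS5Com code or tooling): it parses only the three command forms shown in those steps and flags a key left at the Table 1 default, login authentication that does not include tacacs, and an active server with no host entry. The function name, the sample listing, and treating a host entry without a key as using the default key are assumptions.

```python
import re

DEFAULT_KEY = "IS5Com"  # default tacacs-server encryption key (Table 1)

# Constructed sample: the command lines from the NAS steps, prompts included.
SAMPLE_CONFIG = """\
iS5comm(config)# tacacs-server host 13.0.0.20 timeout 6 key IS5ComTacacs
iS5comm(config)# login authentication tacacs local
iS5comm(config)# tacacs use-server address 13.0.0.20
"""


def audit_tacacs(config):
    """Return findings for the TACACS+ client commands found in `config`."""
    hosts, methods, active = {}, [], None
    for line in config.splitlines():
        # Drop a leading CLI prompt such as "iS5comm(config)# " if present.
        tok = re.sub(r"^\S+# ", "", line.strip()).split()
        if tok[:2] == ["tacacs-server", "host"] and len(tok) > 2:
            # Assumption: a host entry without "key" falls back to the default.
            has_key = "key" in tok[3:-1]
            hosts[tok[2]] = tok[tok.index("key", 3) + 1] if has_key else DEFAULT_KEY
        elif tok[:2] == ["login", "authentication"]:
            methods = tok[2:]
        elif tok[:3] == ["tacacs", "use-server", "address"] and len(tok) > 3:
            active = tok[3]

    findings = []
    if not hosts:
        findings.append("no tacacs-server host configured")
    for addr, key in hosts.items():
        if key == DEFAULT_KEY:
            findings.append(f"server {addr}: default encryption key in use")
    if "tacacs" not in methods:
        # Guideline 3: the method must be explicitly specified as TACACS+.
        findings.append("login authentication does not include tacacs")
    if active is not None and active not in hosts:
        findings.append(f"active server {active} has no tacacs-server host entry")
    return findings


if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```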

At TACACS-Server:

Refer to the relevant TACACS+ server configuration guide to configure the security key, username, and password.

At Host:

  1. Telnet to the router from the host.

    Perform the following:

    #telnet 20.0.0.1
    Intelligent Switch Solution 
    login: iS5comm
    Password: iss123
    iS5comm>

    The packet flow between the host, TACACS+ Client and the TACACS+ Server is illustrated below.

    Figure 1. Packet Flow between Host, TACACS Client and the TACACS Server