Re: Configuring TACACS+

From: Philip Smith (pfs@cisco.com)
Date: Fri Mar 29 2002 - 05:20:30 EST


Hi Tejal,

 From IOS Essentials (again): ;-)

aaa new-model
aaa authentication login default tacacs+ enable
aaa authentication enable default tacacs+ enable
aaa accounting exec default start-stop tacacs+
!
tacacs-server host a.a.a.a
tacacs-server key <key>
!

First line - you need new-model triple-A.
Second line - login authentication will try tacacs+ server first, then fall
back to the local enable secret if the tacacs+ server doesn't respond
Third line - enable authentication - password is stored on the tacacs+
server - again, fall back to local enable secret if tacacs+ server doesn't
respond
Fourth line - log all exec commands used to the tacacs+ server
..and the remaining lines configure your router to point to the tacacs+ server.

Note, this config is from 12.0S. If you are using 12.1 onwards, the config
becomes:

aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
!

You can get a public domain tacacs+ server for Unix from
ftp-eng.cisco.com/pub/tacacs - it builds on most Unixes I know... It has
instructions on how to set up all the bits you are looking to support.

Suggestion - please read IOS Essentials first. All these questions are
answered there - if they are not, I'll make sure that they appear in a
future version. The whitepaper is there to help everyone get started, and
Barry and I do want it to cover all the basics to get you up and running...

good luck!

philip

--

At 09:12 29/03/2002 +0000, Tejal Shah wrote:
>Hi all,
>
>  I am not able to configure tacacs+ on my router
>7206vxr.
>
>  I am not able to find the option while giving the command
>
>"aaa authentication login default tacacs+".
>
>  There is no option for tacacs+ while I am issuing this
>command.
>
>Thanks in advance
>
>Tejal
>
>Go To http://www.iqara.net
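
Added example (not part of the original message or of IOS Essentials): a small Python check that audits a saved router config for the AAA/TACACS+ template quoted in the reply above, accepting both the 12.0S syntax and the 12.1-onwards "group" syntax, and flagging a method list with no fallback. The sample address, key, and the names methods() and audit_aaa() are constructed for illustration.

```python
# Constructed sample configs (placeholder address and key), one per syntax on the page.
OLD_SYNTAX = """\
aaa new-model
aaa authentication login default tacacs+ enable
aaa authentication enable default tacacs+ enable
aaa accounting exec default start-stop tacacs+
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-KEY
"""
NEW_SYNTAX = OLD_SYNTAX.replace("default tacacs+", "default group tacacs+").replace(
    "start-stop tacacs+", "start-stop group tacacs+")
NO_FALLBACK = NEW_SYNTAX.replace("group tacacs+ enable", "group tacacs+")

def methods(tokens):
    """Normalise a method list: 'group tacacs+' (12.1 onwards) -> 'tacacs+'."""
    out, it = [], iter(tokens)
    for tok in it:
        out.append(next(it, "") if tok == "group" else tok)
    return out

def audit_aaa(config):
    """Return a list of findings; an empty list means the template is fully present."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    for service in ("login", "enable"):
        prefix = f"aaa authentication {service} default "
        found = [methods(ln[len(prefix):].split()) for ln in lines if ln.startswith(prefix)]
        if not found:
            findings.append(f"no default {service} authentication list")
        elif found[-1][0] != "tacacs+":
            findings.append(f"{service}: tacacs+ is not the first method")
        elif len(found[-1]) < 2:
            findings.append(f"{service}: no fallback method if the server is unreachable")
    acct = [ln for ln in lines if ln.startswith("aaa accounting exec default start-stop ")]
    if not any(methods(ln.split()[5:]) == ["tacacs+"] for ln in acct):
        findings.append("exec accounting to tacacs+ missing")
    for stmt in ("tacacs-server host ", "tacacs-server key "):
        if not any(ln.startswith(stmt) and ln[len(stmt):] for ln in lines):
            findings.append(f"{stmt.strip()} missing")
    return findings

if __name__ == "__main__":
    for name, cfg in (("12.0S", OLD_SYNTAX), ("12.1+", NEW_SYNTAX), ("no fallback", NO_FALLBACK)):
        print(name, audit_aaa(cfg) or "OK")
```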



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:09 EDT