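I. Network topology:
II. ACS configuration:
1. Add the user test.
2. Network configuration
III. Cisco 2950 configuration
1. Connect the PC's serial port to the console port of the Cisco 2950.
2. Connect to the serial port with HyperTerminal (or CRT).
3. Configure the switch with the following commands:
// Add ports 1 and 2 to VLAN 1 and set the VLAN's IP address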
Switch#config
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#in
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.0.121 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#sw
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 1
Switch(config-if)#exit
Switch(config)#exit
Switch#
1d05h: %SYS-5-CONFIG_I: Configured from console by ikey on console
Switch#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.0.118 YES manual up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down
FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
! Configure TACACS+ authentication
tacacs-server host 192.168.0.119
tacacs-server directed-request
tacacs-server key hahatest
! Define the enable password
enable secret cisco
! Enable AAA authentication
aaa new-model
aaa authentication login tac_auth tacacs+
aaa authentication login no_tacacs none
! This section means that no TACACS+ authentication is performed when managing the switch through the console port
line con 0
login authentication no_tacacs
transport output none
exit
! Telnet (vty) lines
line vty 0 4
login authentication tac_auth
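4. From the PC, telnet to the IP address configured on VLAN 1 and authenticate with the user name and password defined on the authentication server.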