Lab objective: when telnetting from R1 to R2, perform authentication, authorization and accounting (AAA) against an ACS server.
Step 1:
R1+++++++++++++++++++
int s1/3
no sh
ip add 12.1.1.1 255.255.255.0
R2+++++++++++++++++++
int s1/3
no sh
ip add 12.1.1.2 255.255.255.0
int f0/0
no sh
ip add 192.168.126.55 255.255.255.0
ACS++++++++++++++++++++++++++++++++
192.168.126.44 255.255.255.0
gateway:192.168.126.1
++++++++++++++++++++++++++++++++++++
Step 2:
aaa new-model //enable AAA
aaa authentication login noacs none
line con 0
login authentication noacs
R2(config)#tacacs-server host 192.168.126.44 key cisco //specify an ACS server
R2(config)#ip tacacs source-interface Loopback0 //optional
============
Step 3: On the ACS, go to Network Configuration and create a user test / cisco.
Under Network Configuration add a new AAA client, then go to User Setup and add a new user.
Step 4: Test whether connectivity with the ACS has been established successfully
Router#test aaa g tacacs+ Rack45 cisco new-code
Sending password
User successfully authenticated
=================
Step 5: Configure authentication, authorization and accounting
r2(config)#aaa authentication login 2 group tacacs+
aaa authorization commands 15 2 group tacacs+
aaa authorization exec 2 group tacacs+
aaa authorization config-commands //also authorize commands entered in global configuration mode
aaa accounting exec 2 start-stop group tacacs+
aaa accounting commands 15 2 start-stop group tacacs+
Step 6: Apply the method lists under the line
line vty 0 4
authorization commands 15 2
authorization exec 2
accounting commands 15 2
login authentication 2
r1#telnet 12.1.1.2
Trying 12.1.1.2 ... Open
Username: test
Password:
% Authorization failed.
[Connection to 12.1.1.2 closed by foreign host]
//Not authorized: authorization must be granted on the server
Advanced options
Enter tac
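The server-side grant cannot be checked from the router, but the method lists in Steps 2, 5 and 6 can be audited before testing. The following is an added example, not part of the original lab: a small Python check over a constructed copy of R2's AAA lines that flags lists referenced but never defined, lists defined but never applied (in this lab, `aaa accounting exec 2` is defined in Step 5 but Step 6 never applies `accounting exec 2` to the vty lines), a method `none` on remote lines, and a console that depends solely on TACACS+ (lockout risk when the ACS is unreachable).

```python
import re

# Constructed sample: R2's AAA lines as assembled from Steps 2, 5 and 6 of this lab.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login noacs none
aaa authentication login 2 group tacacs+
aaa authorization exec 2 group tacacs+
aaa authorization commands 15 2 group tacacs+
aaa accounting exec 2 start-stop group tacacs+
aaa accounting commands 15 2 start-stop group tacacs+
line con 0
 login authentication noacs
line vty 0 4
 login authentication 2
 authorization exec 2
 authorization commands 15 2
 accounting commands 15 2
"""
# Global definitions ("aaa authentication login NAME methods") and per-line references
# ("login authentication NAME"); the kind is normalised to the wording used under "line".
DEF_RE = re.compile(r"^aaa (authentication login|authorization exec|authorization commands \d+"
                    r"|accounting exec|accounting commands \d+) (\S+) (.+)$")
REF_RE = re.compile(r"^ (login authentication|authorization exec|authorization commands \d+"
                    r"|accounting exec|accounting commands \d+) (\S+)$")

def audit_aaa(config):
    """Return findings about AAA method lists in an IOS-style running-config text."""
    defined, used, findings, ctx = {}, set(), [], None
    for raw in config.splitlines():
        if m := DEF_RE.match(raw):
            kind, name, methods = m.groups()
            kind = "login authentication" if kind == "authentication login" else kind
            defined[(kind, name)] = methods.split()
        elif raw.startswith("line "):
            ctx = raw[5:]                      # e.g. "con 0" or "vty 0 4"
        elif ctx and (m := REF_RE.match(raw)):
            used.add(key := m.groups())
            if key not in defined:
                findings.append(f"line {ctx}: references undefined {key[0]} list '{key[1]}'")
            elif "none" in defined[key] and not ctx.startswith("con"):
                findings.append(f"line {ctx}: remote access uses list '{key[1]}' with method 'none'")
            elif defined[key] == ["group", "tacacs+"] and ctx.startswith("con"):
                findings.append(f"line {ctx}: console depends solely on TACACS+ (lockout risk)")
    if "aaa new-model" not in config.splitlines():
        findings.append("aaa new-model missing: method lists have no effect")
    for key in defined:
        if key not in used:
            findings.append(f"{key[0]} list '{key[1]}' is defined but applied to no line")
    return findings
```

Run it against a saved `show running-config` to confirm every list applied in Step 6 exists and every list from Step 5 is actually in use before attempting the Telnet test.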