配置Nexus Tacacs管理

1、设备拓扑：

N7K（mgmt0)----VMnet1-----ACS5.2

2、设备配置：
2.1、基础配置
第一部分：N7K
interface mgmt0
vrf member management
ip address 10.0.0.101/24
测试连通性：
N7K-2# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
ping: sendto 10.0.0.1 64 chars, No route to host
^C
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.00% packet loss
N7K-2# ping 10.0.0.1 vrf management
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=63 time=0.677 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=0.524 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=63 time=0.952 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=63 time=0.843 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=63 time=0.469 ms

--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.469/0.692/0.952 ms

第二部分：ACS5.2
ACS/admin# sho interface gigabitEthernet 0
eth0 Link encap:Ethernet HWaddr 00:0C:29:33:F9:EF
inet addr:10.0.0.102 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe33:f9ef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5735 errors:0 dropped:0 overruns:0 frame:0
TX packets:7979 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1319303 (1.2 MiB) TX bytes:8018911 (7.6 MiB)
Interrupt:177 Base address:0x2000

测试连通性：
ACS/admin# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=0.240 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.207 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.185 ms

--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3016ms
rtt min/avg/max/mdev = 0.185/0.205/0.240/0.025 ms, pipe 2

ACS/admin#

2.2、保证N7K和ACS之前的连通性：
N7K-2# ping 10.0.0.102 vrf management
PING 10.0.0.102 (10.0.0.102): 56 data bytes
64 bytes from 10.0.0.102: icmp_seq=0 ttl=63 time=0.713 ms
64 bytes from 10.0.0.102: icmp_seq=1 ttl=63 time=0.564 ms
64 bytes from 10.0.0.102: icmp_seq=2 ttl=63 time=0.629 ms
64 bytes from 10.0.0.102: icmp_seq=3 ttl=63 time=0.654 ms
64 bytes from 10.0.0.102: icmp_seq=4 ttl=63 time=1.162 ms

--- 10.0.0.102 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.564/0.744/1.162 ms
N7K-2#

2.3、配置Tacacs
主要配置部分体现为绿色配置，其他部分为默认或自动产生配置。
N7K-2# sho running-config tacacs+ all

!Command: show running-config tacacs+ all
!Time: Mon Sep 2 12:21:19 2019

version 6.1(1)
feature tacacs+

tacacs-server key 7 "Fewhg@123"
no ip tacacs source-interface
tacacs-server test username test password test idle-time 0
tacacs-server timeout 5
tacacs-server deadtime 0
tacacs-server host 10.0.0.102 port 49
tacacs-server host 10.0.0.102 test username test password test idle-time 0
aaa group server tacacs+ TACACS
　　server 10.0.0.102
　　use-vrf management
　　no source-interface

2.4、ACS配置
N7K-2这个名字不一定要和设备一样，这里为了好分别！这只是定义设备的一个名字，主要是那个IP地址。

3、验证

N7K-2# exit

*****************
Username: admin
Password: cisco
*****************
N7K-2 login: admin
Password: （这里使用的是cisco，错误了！）
Login incorrect

*****************
Username: admin
Password: cisco
*****************
login: admin
Password: （这里使用了AAA的账户，成功了！）
Last login: Mon Sep 2 12:03:31 UTC 2019 on ttyS0
Last login: Mon Sep 2 12:25:25 on ttyS0
Cisco NX-OS Software
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
NX-OS/Titanium software ("NX-OS/Titanium Software") and related
documentation, files or other reference materials ("Documentation")
are the proprietary property and confidential information of Cisco
Systems, Inc. ("Cisco") and are protected, without limitation,
pursuant to United States and International copyright and trademark
laws in the applicable jurisdiction which provide civil and criminal
penalties for copying or distribution without Cisco's authorization.
The use of NX-OS/Titanium Software and Documentation is strictly
limited to Cisco's internal use.

Any use or disclosure, in whole or in part, of the NX-OS/Titanium
Software or Documentation to any third party for any purposes is
expressly prohibited except as otherwise authorized by Cisco in writing.
The copyrights to certain works contained herein are owned by other
third parties and are used and distributed under license. Some parts
of this software may be covered under the GNU Public License or the
GNU Lesser General Public License. A copy of each such license is
available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
N7K-2#

4、ACS上查看认证信息

可以看到如下是我前后两次输错和输对密码的情况：

Detail信息：

配置Nexus Tacacs管理相关推荐

在项目中配置Nexus Repository的信息
2019独角兽企业重金招聘Python工程师标准>>> 下载并安装Nexus Nexus只需下载war包放到tomcat服务器上便可. 配置Nexus Repository 打开WE ...
sbt配置nexus仓库
2019独角兽企业重金招聘Python工程师标准>>> 最近学习Scala,不可避免的要用到sbt.爱折腾的我把原本比较简单的事情搞的复杂了,来来回回搞了好久,记录下来,有同样爱折腾 ...
java读取ES配置生成ES管理类，获取ES连接
java读取ES配置生成ES管理类,获取ES连接 1.Elasticsearch是基于Lucene开发的一个分布式全文检索框架,向Elasticsearch中存储和从Elasticsearch中查询, ...
ssdb主从及双主模型配置和简单管理
ssdb主从及双主模型配置和简单管理 levelDB是一个key->value 的数据存储库,其只能在本地保存数据,支持持久化,并且支持保存非常大的数据,单机redis在保存较大数据的时候数十G ...
计算机配置里无管理模板,组策略里打开后没有管理模板
组策略里打开后没有管理模板对于大部分计算机用户来说,管理计算机基本上是借助某些第三方工具,甚至是自己手工修改注册表来实现.其实Windows XP组策略已经把这些功能集于一体,通过组策略及相关工具完 ...
linux设置nexus开机自启动_CentOS7配置nexus开机自启动
CentOS7配置nexus开机自启动新建nexus启动脚本进入/etc/init.d目录,新建脚本文件nexus // 进入/etc/init.d [root@linux_maven etc]# ...
Linux下安装配置Nexus
一.安装和运行nexus 二.配置maven使用nexus 三.配置nexus仓库四.用户使用一.安装和运行nexus 1.下载nexus:http://www.sonatype.org/nexu ...
sql2005 安装完成后只有配置工具,没有管理工具和性能分析工具
安装完成后只有配置工具,没有管理工具和性能分析工具等. (1)版本问题,Express 版本的安装包中是没有管理工具.需要额外下载. Microsoft SQL Server Management ...
解决在Spring整合Hibernate配置tx事务管理器出现错误的问题
解决在Spring整合Hibernate配置tx事务管理器出现错误的问题参考文章: (1)解决在Spring整合Hibernate配置tx事务管理器出现错误的问题 (2)https://www.cn ...

配置Nexus Tacacs管理

配置Nexus Tacacs管理相关推荐

最新文章

热门文章