Friday, May 15, 2015

Configuring TACACS+ in GNS3 and Packet Tracer


GNS3:

Step 1: Check connectivity between the router in GNS3 and Kali Linux in VirtualBox.

The IP of Kali Linux (the TACACS+ server) is 192.168.56.101 and the IP of the router (the TACACS+ client) is 192.168.56.1.


Step 2: Install TACACS+ in Kali Linux.

apt-get install tacacs+

Step 3: Go to the /etc/tacacs+ directory and check that tac_plus.conf has been created.


Step 4: Edit the tac_plus.conf file to add a user with a password and privileges.


Step 5: Restart the tacacs_plus process after making changes to the config file.


Step 6: Verify that the tacacs_plus service is running properly using the netstat -tnlp command.


Step 7: Configure the router for TACACS+.

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
tacacs-server host 192.168.56.101
tacacs-server key testing123

tacacs-server directed-request
ip tacacs source-interface VLAN 1

aaa accounting exec default start-stop tacacs+
aaa accounting connection default start-stop tacacs+

aaa accounting network default start-stop tacacs+
aaa accounting system default start-stop tacacs+

Step 8: Log in with the TACACS+ credentials.

Username: admin
Password: cisco123
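
A tac_plus.conf that fits Steps 4, 7 and 8 could look like the following. This is an added example, not the author's file: the key and the admin/cisco123 login come from the steps above, while the privilege level, the accounting file path and the permit-by-default command rule are assumptions.

```conf
# /etc/tacacs+/tac_plus.conf (constructed example matching Steps 4, 7 and 8)

# Shared secret. Must equal "tacacs-server key" on the router (Step 7).
# testing123 is also the key in the sample file shipped with the Debian/Kali
# package, so use a long random value anywhere other than a lab.
key = testing123

# Records produced by the router's "aaa accounting ..." lines are written here.
# (Path is an assumption.)
accounting file = /var/log/tac_plus.acct

user = admin {
    # Lab form: the password from Step 8 sits in clear text in this file.
    login = cleartext cisco123
    # Alternatives that keep the password out of the file in clear text
    # (placeholder value, generate your own with the tac_pwd utility):
    # login = des <HASH-FROM-tac_pwd>
    # login = PAM

    # Reply to "aaa authorization exec": open the shell at privilege 15.
    # (Privilege level is an assumption.)
    service = exec {
        priv-lvl = 15
    }

    # Reply to "aaa authorization commands 15": permit commands that have no
    # explicit "cmd = ..." rule. Without this line such commands are denied.
    default service = permit
}
```

The file holds both the shared key and the user password, so keep it readable by root only and restart the service (Step 5) after every change.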



Packet Tracer:

Step 1: Create a topology with a generic server and a router.


Step 2: Configure the router and assign it the IP 100.100.100.1.


Step 3: Set up the AAA server with tacacs.

Set the IP address to 100.100.100.100 and the gateway to 100.100.100.1.


Go to AAA and turn on the service.

Choose tacacs as the server type, enter the router’s IP and provide a password for the router to connect to the server.

Also create a username and password for logging in to the router.


Step 4: Configure the router to use the AAA server and log in.

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local

tacacs-server host 100.100.100.100
tacacs-server key P@$$w0rD

aaa accounting exec default start-stop tacacs+
aaa accounting connection default start-stop tacacs+
aaa accounting network default start-stop tacacs+
aaa accounting system default start-stop tacacs+

Login credentials:

Username: admin
Password: cisco