tacgui with cisco huawei and h3c

-

tacgui是个opensoure的tacacs+,我的情景主要是实现网络设备登录管控和命令审计。

思路:

--tacgui

1 安装tacgui

2  新建user

3 新建device


--配置设备

华为为例

template

hwtacacs-server template test

 hwtacacs-server authentication 192.168.10.12 //your tacgui ip

 hwtacacs-server authorization 192.168.10.12

 hwtacacs-server accounting 192.168.10.12

hwtacacs-server source-ip xxx.xxx.xxx.xxx    //交换机管理地址

 hwtacacs-server shared-key cipher test2test

 

Aaa

aaa

 authentication-scheme tac1

  authentication-mode hwtacacs local

 

  authorization-scheme tac1

  authorization-mode hwtacacs local

  authorization-cmd 15 hwtacacs local

 

 accounting-scheme tac1

  accounting-mode hwtacacs

  accounting start-fail online   //开始计费失败,允许用户上线

 recording-scheme sch0   //command logging

  recording-mode hwtacacs test

 cmd recording-scheme sch0

认证domain

Aaa

 domain huawei

  authentication-scheme tac1

  accounting-scheme tac1

  authorization-scheme tac1

    hwtacacs-server test

Assign an auhenti domain

domain huawei admin

 

 


Comments

Post a Comment

Popular posts from this blog

different vendor's ether-channel technology

-
Image
  Different vendors ether-channel tech : Cisco call it Port-channel Huawei call it e-trunk H3c call it Bridge-aggregation 什么是链路聚合 简而言之就是这个功能可以让 sw 在逻辑上将多条物理线缆视为一条线缆! 为什么需要 2 个 sw 如果用一根线连,它可以工作 ok 如果你需要怎加 2 个 sw 之间的通信带宽,你一般会增加多条网线 这时就需要链路聚合,因为没有 链路聚合 交换机的 生成树 会 block 掉一些端口,导致增加的网线无效 How:   Topology Cisco   Layer2 ======== interface range FastEthernet0/1-2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode active   //there is five mode you need to learn about //upon above command sw will auto gen   a port-channel ineterface   Layer3========== interface range FastEthernet0/1-2 no switchport channel-group 1 mode active   interface Port-channel1    //auto generate ip ...
Read more