Configure Cisco Switch or Router to Use ACS for AAA Services

-
Hi All

I'm back again. I was figuring out how to use the ACS for managing access to switches and routers within GNS3 but I suppose a similar experience would occur in the physical real world!

Before attempting any of this, ensure you are able to ping your ACS's and Routers/Switches.


These are the settings which are required on the Router / Switch. 



Basic Default Line VTY Settings



Login to ACS

 
Add Device Locations & Types




Add Device



Create User Groups

 
 Add Users

 
 
Create Shell Profiles (linked to Access Policies) - Priviledges for Users




Command Sets


Service Selection Rules - should be there by default

 

 Default Device Admin
 
 
 Default Device Admin - Authorization

 
 
 

Test Router / Switch using Priviledge Level 0 

 

Notice the command failure? It was not authorized in the Command Set.


Test Router / Switch using Priviledge Level 15
Notice, this user has gone straight into Priviledge mode 15 without requiring Enable Password.



Hope this helps someone out there. It might not be perfect but it gives you a starting point and helps me remember.










Comments

Post a Comment

Popular posts from this blog

Create bootable CUC CUCM CUP Image / ISO

-
The following script allows you to automatically create a bootable CUCM/CUC/CUP image without the need for any paid for software when you only have access to the update outside of put or the datastore for the new server. I have spent several hours on this, but I just wanted to make it simple. Only really for lab purposes, the checksum will fail due to the ISO being manipulated but essentially once you fill in the variables, you will just be left with a single ISO file in the staging directory. To use; 1. Download the mkisofs.exe file as described in the script 2. Paste script below into Powershell ISE Script Editer 3. Modify the variables 4. Execute the script. Simple. Tested creating an ISO on a Windows 10 machine and running the ISO on a ESXI server. Thanks for this guy Aaron Harrison as per the URL, was helpful in the finding out the mkisofs.exe command syntax. http://www.ipcommute.co.uk/technical-articles/17--creating-isolinux-boot-dvds-with-free-software-cucm-uccx-cups.
Read more

Configuring Oracle 12c backups on Veritas Backup Exec 16.

-
Image
This is a short guide to configuring backups of Oracle 12c using Veritas Backup Exec 16. 1.        Establish trust with Oracle Database server within Backup Exec console and ensure agent is installed. 2.         Create a login to the database for backup purposes in Oracl e; Open up a command prompt and run the following command – Sqlplus / nolog Log in with your database admin account as sysdba Connect myusername / mypassword@databasename as sysdba CREATE USER BACKUP IDENTIFIED BY MYPASSWORD; GRANT UNLIMITED TABLESPACE TO BACKUP; GRANT AQ_ADMINISTRATOR_ROLE TO BACKUP; GRANT DBA TO BACKUP; GRANT CONNECT TO BACKUP; ALTER USER BACKUP DEFAULT ROLE ALL; ALTER USER BACKUP DEFAULT TABLESPACE SYSTEM; 3.        Within the Local Users and Groups section of Computer Management on the Oracle database server, add the backup servers windows domain administrator account to the following groups – a.        ORA_OraDB12Home1_SYSBACKUP b.    
Read more

CUCM 11.5 - Esxi 6.5 - unable to create VM

-
Image
Hi Guys Had an issue where I was unable to deploy a Cisco Unified Call Manager 11.5 OVA to the VMWare Esxi 6.5 standalone server. The following error would appear during the provision of the VM - "At least one extra disk image was provided that will be ignored". The solution to import the Cisco OVA into VMware is to use VMware's OVFTool. The commands I used worked for also UCCX and Cisco Unity Connect - CUCM Deployment for 2500 Users --------------------------------- ovftool --acceptAllEulas --datastore="datastore1" -dm="thick" --name="CUCM01-PUB" --net:"eth0"="Voice" --deploymentOption="CUCM_2500" "c:\temp\cucm_11.5_vmv8_v1.1.ova" vi://UserName:Password@IPAddress UCCX ---- ovftool --acceptAllEulas --datastore="datastore1" -dm="thick" --name="UCCX1" --net:"eth0"="Voice" --deploymentOption="UCCX_400_Agent" "C:\temp\UCCX_11.
Read more