Configure Cisco Switch or Router to Use ACS for AAA Services

-
Hi All

I'm back again. I was figuring out how to use the ACS for managing access to switches and routers within GNS3 but I suppose a similar experience would occur in the physical real world!

Before attempting any of this, ensure you are able to ping your ACS's and Routers/Switches.


These are the settings which are required on the Router / Switch. 



Basic Default Line VTY Settings



Login to ACS

 
Add Device Locations & Types




Add Device



Create User Groups

 
 Add Users

 
 
Create Shell Profiles (linked to Access Policies) - Priviledges for Users




Command Sets


Service Selection Rules - should be there by default

 

 Default Device Admin
 
 
 Default Device Admin - Authorization

 
 
 

Test Router / Switch using Priviledge Level 0 

 

Notice the command failure? It was not authorized in the Command Set.


Test Router / Switch using Priviledge Level 15
Notice, this user has gone straight into Priviledge mode 15 without requiring Enable Password.



Hope this helps someone out there. It might not be perfect but it gives you a starting point and helps me remember.










Comments

Post a Comment

Popular posts from this blog

Create bootable CUC CUCM CUP Image / ISO

-
The following script allows you to automatically create a bootable CUCM/CUC/CUP image without the need for any paid for software when you only have access to the update outside of put or the datastore for the new server. I have spent several hours on this, but I just wanted to make it simple. Only really for lab purposes, the checksum will fail due to the ISO being manipulated but essentially once you fill in the variables, you will just be left with a single ISO file in the staging directory. To use; 1. Download the mkisofs.exe file as described in the script 2. Paste script below into Powershell ISE Script Editer 3. Modify the variables 4. Execute the script. Simple. Tested creating an ISO on a Windows 10 machine and running the ISO on a ESXI server. Thanks for this guy Aaron Harrison as per the URL, was helpful in the finding out the mkisofs.exe command syntax. http://www.ipcommute.co.uk/technical-articles/17--creating-isolinux-boot-dvds-with-free-software-cucm-uccx-c...
Read more

Configuring Oracle 12c backups on Veritas Backup Exec 16.

-
Image
This is a short guide to configuring backups of Oracle 12c using Veritas Backup Exec 16. 1.        Establish trust with Oracle Database server within Backup Exec console and ensure agent is installed. 2.         Create a login to the database for backup purposes in Oracl e; Open up a command prompt and run the following command – Sqlplus / nolog Log in with your database admin account as sysdba Connect myusername / mypassword@databasename as sysdba CREATE USER BACKUP IDENTIFIED BY MYPASSWORD; GRANT UNLIMITED TABLESPACE TO BACKUP; GRANT AQ_ADMINISTRATOR_ROLE TO BACKUP; GRANT DBA TO BACKUP; GRANT CONNECT TO BACKUP; ALTER USER BACKUP DEFAULT ROLE ALL; ALTER USER BACKUP DEFAULT TABLESPACE SYSTEM; 3.        Within the Local Users and Groups section of Computer Management on the Oracle database server, add the backup servers windows domain adminis...
Read more

Configuring Cisco CME Voice Gateway (VG) for incoming and outgoing calls using Sipgate trunk

-
Image
Hi All For my reference and your's, here is a working sample configuration for configuring sipgate (sipgate.co.uk) for incoming and external VOIP calls on a 2800 series Cisco router. Using GNS3; My wireless adapter has internet connection sharing enabled, and I have created a loopback adapter which is the 'internet' adapter as you can see below. I have tested making calls using Cisco's CIPC version 8 and receiving calls. This doesn't have to be done in GNS3, just pick up yourself a real voice gateway. version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname VG-EP ! boot-start-marker boot-end-marker ! ! aaa new-model ! ! aaa authentication login http local aaa authentication login ssh local aaa authorization exec http local ! aaa session-id common ! resource policy ! memo...
Read more