19 Dec 2012 at 5:24 p.m. UTC
Dear all
I have been working on an assignment to get our TACACs servers standardized and to change the old format aaa configs to the new standard before the old format gets deprecated.
I have many multiple IOS based devices such as 2350, 2821, 3650, Firewalls, Nexus based 3048s 3064s and 7010s
However, I have tried the new format on both the IOS based 2350s and also on the Nexus based 3048s which has error on both cases
our plan is to move to the new style of aaa configuration and at least to have one standard format configuration for IOS based devices and one other standard format for Nexus based devices.
•Our tacacs appliances are crashing on AD authentication on a fairly regular basis. And I was wondering as to where to get resource on Cisco.com to see if we are on the latest version. Can you point me resource where I can find the latest version so that I will be able to compare it with what we have
Also if you have a forum recommendation for me to get help on this and other related staff that will be a huge help.
probably we might need to upgrade our IOS for example the below new aaa config format didn’t work when I tried it on 2350 based on flash:/c2350-lanlite-mz.122-46.EY/c2350-lanlite-mz.122-46 version any suggestion here?
Since the current
New format
tacacs server ourServerName
address ipv4 Our_server_IP
key sharedsecret
!
aaa group server tacacs+ ACSServer
server name ourServerName
Sample format for AAA using a tacacs group (if you have a better format recommendation please point me?):
aaa new-model
aaa group server tacacs+ ACSServer
aaa authentication login default group ACSServer local
aaa authentication login failback enable
aaa authentication login login-only group ACSServer local
aaa authentication login login+enable group ACSServer enable
aaa authentication enable default group ACSServer
aaa authorization config-commands
aaa authorization exec default group ACSServer if-authenticated
aaa accounting exec default start-stop group ACSServer
aaa accounting commands 1 default start-stop group ACSServer
aaa accounting commands 15 default start-stop group ACSServer
aaa accounting network default start-stop group ACSServer
aaa accounting connection default start-stop group ACSServer
aaa accounting system default start-stop group ACSServer
aaa session-id common
With Regards,
Abe
