Cisco2511的Access Server通过Tacacs服务器实现安全认证[教学]
时间:2007-12-23 来源:不详 作者:迈克DB
使用一台WINDOWS NT服务器作为Tacacs服务器,地址为10.111.4.2,运行Cisco2511随机带的Easy ACS 1.0软件实现用户认证功能.
访问服务器设置如下:
hostname router
!
aaa new-model
aaa authentication login default tacacs
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs
aaa authorization exec tacacs
aaa authorization network tacacs
aaa accounting exec start-stop tacacs
aaa accounting network start-stop tacacs
enable secret 5 $1$kN4g$CvS4d2.rJzWntCnn/0hvE0
!
interface Ethernet0
ip address 10.111.4.20 255.255.255.0
!
interface Serial0
no ip address
shutdown
interface Serial1
no ip address
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0 织梦好,好织梦
encapsulation ppp
async mode interactive
peer default ip address pool Cisco2511-Group-142
no cdp enable
group-range 1 16
!
ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
tacacs-server host 10.111.4.2
tacacs-server key tac
!
line con 0
exec-timeout 0 0
password cisco
login authentication no_tacacs
line 1 16
login authentication tacacs
modem InOut
modem autoconfigure type usr_courier
autocommand ppp
transport input all
stopbits 1
rxspeed 115200
txspeed 115200
flowcontrol hardware
line aux 0
transport input all
line vty 0 4
password cisco
!
end 安全
文章评论
共有位Admini5网友发表了评论 查看完整内容