使用一台WINDOWS NT服务器作为Tacacs服务器,地址为10.111.4.2,运行Cisco2511随机带的Easy ACS 1.0软件实现用户认证功能.
访问服务器设置如下:
hostname router
!
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
aaa authentication ppp default tacacs+
aaa authorization exec tacacs+
aaa authorization network tacacs+
aaa accounting exec start-stop tacacs+
aaa accounting network start-stop tacacs+
enable secret 5 $1$kN4g$CvS4d2.rJzWntCnn/0hvE0
!
interface Ethernet0
ip address 10.111.4.20 255.255.255.0
!
interface Serial0
no ip address
shutdown
interface Serial1
no ip address
shutdown
!
interface Group-Async1
ip unnumbered Ethernet0
encapsulation ppp
async mode interactive
peer default ip address pool Cisco2511-Group-142
no cdp enable
group-range 1 16
!
ip local pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
tacacs-server host 10.111.4.2
tacacs-server key tac
!
line con 0
exec-timeout 0 0
password cisco
login authentication no_tacacs
line 1 16
login authentication tacacs
modem InOut
modem autoconfigure type usr_courier
autocommand ppp
transport input all
stopbits 1
rxspeed 115200
txspeed 115200
flowcontrol hardware
line aux 0
transport input all
line vty 0 4
password cisco
!
end