{"id":709,"date":"2021-11-05T00:28:54","date_gmt":"2021-11-04T15:28:54","guid":{"rendered":"https:\/\/wp.zassoul.com\/?p=709"},"modified":"2024-07-04T16:01:27","modified_gmt":"2024-07-04T07:01:27","slug":"nw%e6%a9%9f%e5%99%a8%e3%81%aetacacs%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/wp.zassoul.com\/?p=709","title":{"rendered":"TACACS+ configuration for network devices"},"content":{"rendered":"\n<p>There is already plenty of information about this out there, so I only record the settings used in my home network.<\/p>\n\n\n\n<p>The configuration policy is as follows.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Server 1 is .20 and server 2 is .21; if the TACACS servers are down, fall back to local authentication (timeout is 5 seconds)<\/li>\n\n\n\n<li>Go straight to privileged mode on login (command permissions are controlled on the TACACS server side)<\/li>\n\n\n\n<li>List server 1 first, then server 2<\/li>\n\n\n\n<li>AAA configurations that define their method lists as default are common, but I do not use that in my home environment and give each aaa definition a name instead. (If a list is defined as default it applies to every interface, and I think that carries risks, such as commands being rejected outright if the settings are entered in the wrong order. That said, it does reduce the number of configuration lines, since settings such as authentication under line vty 
are no longer needed.)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Cisco IOS<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>!!! Enable AAA\naaa new-model\n\n!!! Register the TACACS servers. aaa tacacs-server appears to have been deprecated.\ntacacs server tacacs-sv1\n address ipv4 192.168.30.20\n key &lt;key configured on the TACACS server>\n timeout 5\ntacacs server tacacs-sv2\n address ipv4 192.168.30.21\n key &lt;key configured on the TACACS server>\n timeout 5\n\n!!! Create the TACACS server group.\naaa group server tacacs+ TAC_SRV\n server name tacacs-sv1\n server name tacacs-sv2\n\n!!! Under the method list name TACplus_authe, query the TACACS servers registered in TAC_SRV. If they are down, fall back to local authentication.\naaa authentication login TACplus_authe group TAC_SRV local-case\n\n\n!!! Query the TACACS servers for exec authorization. If they are down, fall back to the local database.\naaa authorization exec TACplus_autho_exec group TAC_SRV local\n\n!!! Query the TACACS servers for authorization of privilege level 15 commands. If they are down, fall back to the local database.\naaa authorization commands 15 TACplus_autho_cmd group TAC_SRV local\n\n!!! 
Send command execution logs to the TACACS servers.\naaa accounting commands 15 default start-stop group TAC_SRV\n\n\n\nline vty 0 4\n exec-timeout 0 0\n authorization commands 15 TACplus_autho_cmd\n authorization exec TACplus_autho_exec\n logging synchronous\n login authentication TACplus_authe\n transport input ssh<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Cisco ASA<\/h2>\n\n\n\n<p>The ASA differs slightly from IOS, but the basic flow of the definitions is the same.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>aaa-server TACplus protocol tacacs+\n reactivation-mode timed\n max-failed-attempts 2\naaa-server TACplus (mgmtside) host 192.168.30.20\n key *****\naaa-server TACplus (mgmtside) host 192.168.30.21\n key *****\n\n!!! Authenticate SSH connections in the order TACACS\u2192LOCAL\naaa authentication ssh console TACplus LOCAL\n\n!!! Privileged (enable) mode\naaa authentication enable console TACplus LOCAL\n\naaa authorization command TACplus LOCAL\naaa accounting command privilege 15 TACplus\n\n!!! 
\naaa authorization exec authentication-server auto-enable\naaa authentication login-history\n<\/code><\/pre>\n\n\n\n<p>That is all.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is already plenty of information about this out there, so I only record the settings used in my home network. The configuration policy is as follows. Cisco IOS Cisco ASA The ASA differs slightly from IOS, but the basic flow of the definitions is the same. That is all.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,15,8],"tags":[74,75,86],"class_list":["post-709","post","type-post","status-publish","format-standard","hentry","category-cisco","category-network","category-8","tag-cisco","tag-network","tag-tacacs"],"_links":{"self":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=709"}],"version-history":[{"count":9,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/709\/revisions"}],"predecessor-version":[{"id":891,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/709\/revisions\/891"}],"wp:attachment":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?r
est_route=%2Fwp%2Fv2%2Fcategories&post=709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}