View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0087 - ACS 5.4 TACACS Device Admin on Switch and ASA (Part 2)

Rating: 
5
Average: 5 (2 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
The video demonstrates TACACS+ configuration for Device Admin on Cisco ACS 5.4. We will go through the entire process of adding network devices, users, and building authentication and authorization policies. We will also look at basic AAA configuration on a Cisco switch and ASA firewall. We will use both local and AD users for testing and granting shell privilege 15 in this lab.
Part 2 of this video shows switch and ASA configuration. The lab finishes with authentication testing.
 
Topic:
  • Network Device and Network Device Group
  • Identity Group and User
  • Policy Element
    • Shell Profile
  • Service Selection Rules
  • Access Service
    • Authentication Policy
    • Authorization Policy
  • Switch and ASA AAA Configuration

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

3 comments

Hi Guys I've followed every step of your ACS video But when I use "test aaa group acs01 admin cisco legacy" command. I get "User authentication request was rejected by server." In Monitoring&Reports, TACACS Authentication, I get get the following error: 22056 Subject not found in the applicable identity store(s). After investigating, I think it might be due to the Access Policy Identity – Advanced options: If authentication failed Reject If user not found Reject If process failed Drop Authorization default DenyAccess If I make changes as follows: Everything is allowed Identity – Advanced options: If authentication failed Reject If user not found Continue If process failed Continue Authorization default PermitAccess Thkx

Usually you do not need to modify those advanced option unless you are dealing with MAB. When you get subject not found error, usually ACS cannot find the username in the identity store. Please double check that you use the correct identity store and it contains the username.

Yeah, thnks.

Forgot about the Identity store.