{"id":2591,"date":"2019-06-01T07:00:41","date_gmt":"2019-05-31T22:00:41","guid":{"rendered":"https:\/\/blog.boxcorea.com\/wp\/?p=2591"},"modified":"2019-06-13T22:03:39","modified_gmt":"2019-06-13T13:03:39","slug":"ubuntu-%eb%a6%ac%eb%88%85%ec%8a%a4%ec%97%90-tacacs-%ec%9d%b8%ec%a6%9d%ec%84%9c%eb%b2%84-%ec%84%a4%ec%b9%98%ed%95%98%ea%b3%a0-%ec%8b%9c%ec%8a%a4%ec%bd%94-%ec%8a%a4%ec%9c%84%ec%b9%98%ec%97%90-%ec%a0%81","status":"publish","type":"post","link":"https:\/\/blog.boxcorea.com\/wp\/archives\/2591","title":{"rendered":"Ubuntu \ub9ac\ub205\uc2a4\uc5d0 TACACS+ \uc778\uc99d\uc11c\ubc84 \uc124\uce58\ud558\uace0 \uc2dc\uc2a4\ucf54 \uc2a4\uc704\uce58\uc5d0 \uc801\uc6a9\ud558\uae30"},"content":{"rendered":"

\uc6b0\ubd84\ud22c \ub9ac\ub205\uc2a4\uc5d0 TACACS+ \uc778\uc99d\uc11c\ubc84 \uc124\uce58\ud558\uae30<\/p>\n

\uc124\uce58\ud658\uacbd:
\nTACACS+ \uc124\uce58 : ubuntu 18.04, ip address: 192.168.0.6
\nCisco switch: C3550, ip address: 192.168.0.200<\/p>\n

1. \uc791\uc5c5 \ud658\uacbd \ud655\uc778 \ubc0f tacacs plus \uc124\uce58<\/p>\n

\ub9ac\ub205\uc2a4 \ubc84\uc804 \ud655\uc778 <\/p>\n

$ lsb_release -a\r\nNo LSB modules are available.\r\nDistributor ID: Ubuntu\r\nDescription:    Ubuntu 18.04.1 LTS\r\nRelease:        18.04\r\nCodename:       bionic<\/pre>\n
TACACS+ \uc124\uce58<\/p>\n
$ sudo apt-get install tacacs+<\/pre>\n
<\/p>\n
2. \uc124\uc815(\/etc\/tacacs+\/tac_plus.conf) \ud654\uc77c<\/p>\n
2.1. tacacs+ \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8\uac04\uc758 \ud328\ud0b7 \uc554\ud638\ud654\uc5d0 \uc0ac\uc6a9\ud558\ub294 \ud0a4\uc124\uc815.<\/p>\n
$ sudo vi \/etc\/tacacs+\/tac_plus.conf\r\nkey = snowfox_tacacs\t<\/pre>\n
2.2. ACL(Access Control List) \uc124\uc815
\nACL\uc740 \ud074\ub77c\uc774\uc5b8\ud2b8 IP \uc8fc\uc18c\ub098 \ud638\uc2a4\ud2b8\ub124\uc784\ubcc4\ub85c \uc0ac\uc6a9\uc790 \ub610\ub294 \uadf8\ub8f9\uc758 \ub85c\uadf8\uc778 \ub610\ub294 \uc811\uadfc\uc744 \uc81c\ud55c\ud558\ub3c4\ub85d \uc815\uc758\ud560 \uc218 \uc788\ub2e4.
\nACL\uc740 \uc544\ub798\uc640 \uac19\uc740 \ud615\uc2dd\uc73c\ub85c \uc9c0\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n
acl = rule_name {\r\n    permission = regular_expression\r\n    # implicit deny (ie: anythong else)\r\n}<\/pre>\n
\uc544\ub798 \uc608\ub294, net_admin \uadf8\ub8f9\uc740 \ubaa8\ub4e0 IP \uc8fc\uc18c\uc5d0\uc11c, sys_admin \uadf8\ub8f9\uc740 10.10.10.2 \uc5d0\uc11c\ub9cc \uc811\uc18d\uac00\ub2a5\ud558\ub3c4\ub85d \uc124\uc815\ud55c\ub2e4.<\/p>\n
acl = net_admin {\r\n    permit = .*\r\n}\r\n\r\nacl = sys_admin {\r\n    permit = ^10\\.\\.10\\.2$\r\n}<\/pre>\n
2.3. \uadf8\ub8f9
\n\uadf8\ub8f9\uc744 \ub9cc\ub4e4\uace0 \uac01\uac01\uc758 \uadf8\ub8f9\uc774 \ub124\ud2b8\uc6cc\ud06c \uc7a5\ube44\uc5d0\uc11c \uc218\ud589\ud560 \uc218 \uc788\ub294 \uad8c\ud55c\uc744 \uc815\uc758\ud55c\ub2e4. \uadf8\ub8f9\uc740 \uc544\ub798\uc640 \uac19\uc740 \ud615\uc2dd\uc73c\ub85c \uc815\uc758\ud55c\ub2e4.<\/p>\n
group = group_name {\r\n    [ default service ]\r\n    group_attr\r\n    svc\r\n}\r\n<\/pre>\n
default service\ub97c \ud5c8\uc6a9\ud558\uae30\uc704\ud574\uc11c \uc544\ub798\uc640 \uac19\uc774 \uba85\uc2dc\ud55c\ub2e4.
\ndefault service = permission
\n\ub9cc\uc57d \uc0dd\ub7b5\ud558\uba74 \uae30\ubcf8\uac12\uc740 deny\uac00\ub41c\ub2e4.<\/p>\n
\uadf8\ub8f9 \uc18d\uc131(group_attr)\uc740 \uadf8\ub8f9 \uc0ac\uc6a9\uc790\uac00 \uc0c1\uc18d\ud558\ub294 \uc18d\uc131\uc774\uba70 ACL \uc774\ub098 \uc720\ud6a8\uae30\uac04 \uac19\uc740 \uc18d\uc131\uc744 \ud3ec\ud568\ud55c\ub2e4.
\n\uc11c\ube44\uc2a4(svc)\ub294 \uadf8\ub8f9\uc774 \uc2e4\ud589\ud560 \uad8c\ud55c\uc774 \uc788\ub294 \uc11c\ube44\uc2a4\ub97c \uc815\uc758\ud55c\ub2e4. \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8 \ubaa8\ub450\uc5d0 \uad8c\ud55c\uc744 \ubd80\uc5ec\ud574 \uad6c\uc131\ud574\uc57c \uc62c\ubc14\ub85c \uc791\ub3d9\ud55c\ub2e4.<\/p>\n
command \uad8c\ud55c\uc740 \uc544\ub798\uc640\uac19\uc774 \uc815\uc758\ud55c\ub2e4.<\/p>\n
cmd = string {\r\n    permission regex\r\n    permission regex\r\n    ...\r\n    permission\r\n}\r\n<\/pre>\n
\uc704\uc758 2.2\uc5d0\uc11c \ub9cc\ub4e0 \ub450 \uadf8\ub8f9\uc774 \uc2e4\ud589\ud560 \uc218 \uc788\ub294 \uba85\ub839\uc5b4\ub97c \uc81c\ud55c \ud558\ub824\uba74, \uc544\ub798\uc640 \uac19\uc774 \uc124\uc815\ud55c\ub2e4.
\n\uc544\ub798\uc608\uc5d0\uc11c, net_admin \uadf8\ub8f9\uc740 \ubaa8\ub4e0 \uba85\ub839\uc5b4\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\uc9c0\ub9cc, sys_admin \uadf8\ub8f9\uc740 \uc2e4\ud589\ud560 \uc218 \uc788\ub294 \uba85\ub839\uc5b4\uc758 \uc81c\ud55c\uc744 \ubc1b\ub294\ub2e4.<\/p>\n
group = net_admin {\r\n        default service = permit\r\n        acl = net_admin\r\n        service = exec {\r\n                priv-lvl = 15\r\n        }\r\n}\r\n\r\ngroup = sys_admin {\r\n        default service = deny\r\n        acl = sys_admin\r\n        service = exec {\r\n                priv-lvl = 0\r\n        }\r\n        cmd = enable {\r\n                permit .*\r\n        }\r\n        cmd = show {\r\n                permit .*\r\n        }\r\n        cmd = exit {\r\n                permit .*\r\n        }\r\n        cmd = interface {\r\n                permit Ethernet.*\r\n                permit FastEthernet.*\r\n                permit GigabitEthernet.*\r\n        }\r\n        cmd = switchport {\r\n                permit \"access vlan.*\"\r\n                permit \"trunk encapsulation.*\"\r\n                permit \"mode.*\"\r\n                permit \"trunk allowed vlan.*\"\r\n                permit \"trunk allowed vlan.*\"\r\n        }\r\n        cmd = description {\r\n                permit .*\r\n        }\r\n        cmd = no {\r\n                permit shutdown\r\n        }\r\n}\r\n<\/pre>\n
2.4. \uc0ac\uc6a9\uc790(Users)
\n\uadf8\ub8f9\uc744 \uc124\uc815\ud55c \ub2e4\uc74c\uc5d0\ub294 \uc0ac\uc6a9\uc790\ub97c \uc815\uc758\ud558\uace0 \uadf8\ub8f9\uc5d0 \uc18d\ud558\ub3c4\ub85d \ud560 \uc218 \uc788\ub2e4.
\n\uc0ac\uc6a9\uc790 \uc124\uc815\uc740 \uadf8\ub8f9\uacfc \uc720\uc0ac\ud558\uba70, \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n
user = user_name {\r\n    [ default service ]\r\n    user_attr\r\n    svc\r\n}\r\n<\/pre>\n
\uc774\uc81c, \uc704\uc758 \ub450 \uadf8\ub8f9\uc5d0 \uc18d\ud560 \uc0ac\uc6a9\uc790\ub97c \ud558\ub098\uc529 \ub9cc\ub4e0\ub2e4.
\nnet_admin \uadf8\ub8f9\uc5d0 \uc18d\ud558\ub294 nadmin \uc0ac\uc6a9\uc790\ub294 \ubbf8\ub9ac \uc815\uc758\ub41c DES\ub85c \uc554\ud638\ud654\ub41c \ube44\ubc00\ubc88\ud638\ub85c \uc778\uc99d\ud55c\ub2e4.
\nsys_admin \uadf8\ub8f9\uc5d0 \uc18d\ud558\ub294 fox \uc0ac\uc6a9\uc790\ub294 \/etc\/passwd\uc5d0\uc11c \uc778\uc99d\ud55c\ub2e4.  \uc774\ub97c \uc704\ud574\uc11c\ub294 TACACS+ \uc11c\ubc84\uc5d0\uc11c\ub3c4 \uc0ac\uc6a9\uc790\ub97c \uc124\uc815\ud574\uc57c\ud55c\ub2e4.<\/p>\n
nadmin \uc0ac\uc6a9\uc790\uc758 \ube44\ubc00\ubc88\ud638\ub97c \ub9cc\ub4e4\uae30\uc704\ud574 tac_pwd \uba85\ub839\uc5b4\ub97c \uc0ac\uc6a9\ud558\uba70 tac_plus.conf\uc5d0 DES\ub85c \uc554\ud638\ud654\ub41c \ube44\ubc00\ubc88\ud638\ub97c \uc124\uc815\ud574\uc57c\ud55c\ub2e4.<\/p>\n
# tac_pwd\r\nPassword to be encrypted: abc123\r\nIZHuieAMcFwuU<\/pre>\n
\uc0ac\uc6a9\uc790 fox\uacc4\uc815\uc744 \ub9cc\ub4e4\uace0(\ub9ac\ub205\uc2a4 \uacc4\uc815),  passwd \uba85\ub839\uc5b4\ub97c \uc0ac\uc6a9\ud558\uc5ec \ube44\ubc00\ubc88\ud638\ub97c \uc0dd\uc131\ud55c\ub2e4. <\/p>\n
# useradd fox\r\n# passwd fox\r\nEnter new UNIX password:\r\nRetype new UNIX password:\r\npasswd: password updated successfully<\/pre>\n
\ub2e4\uc74c\uc73c\ub85c enable \ube44\ubc00\ubc88\ud638\ub97c \uc0dd\uc131\ud55c\ub2e4.
\n\uc704\uc5d0\uc11c \ucc98\ub7fc, nadmin \uc0ac\uc6a9\uc790\ub294 tac_pwd \uba85\ub839\uc5b4\ub97c \uc0ac\uc6a9\ud55c\ub2e4.(enable \ube44\ubc00\ubc88\ud638\ub294 enable \ub85c \uc124\uc815)<\/p>\n
# tac_pwd\r\nPassword to be encrypted: enable\r\nWuVeol5JWp3Nk<\/pre>\n
\uc0ac\uc6a9\uc790 fox\uc758 \uacbd\uc6b0\uc5d0\ub294 TACAS+ \ub370\ubaac\uc5d0\uc11c\ud2b9\ubcc4\ud788 \uc815\uc758\ub41c \uc0ac\uc6a9\uc790\uc778 ‘$ enable $’\ub97c \uc0ac\uc6a9\ud558\ub294\ub370, \uc774 \uac83\uc740  \uc0ac\uc6a9\uac00\ub2a5\ud55c \ube44\ubc00\ubc88\ud638\ub97c \uc124\uc815\ud558\uc9c0 \uc54a\uc740 \ubaa8\ub4e0 \uc0ac\uc6a9\uc790\ub4e4\uc774 \uae30\ubcf8\uc73c\ub85c \uc0ac\uc6a9\ud558\uac8c\ub41c\ub2e4.
\ntac_pwd \uba85\ub839\uc5b4\ub85c ‘$ enable $’ \uc0ac\uc6a9\uc790\uc758 \ube44\ubc00\ubc88\ud638\ub97c \uc0dd\uc131\ud55c\ub2e4. \uc5ec\uae30\uc11c\ub294 \ube44\ubc00\ubc88\ud638\ub97c ‘default’\ub85c \uc124\uc815\ud588\ub2e4)<\/p>\n
# tac_pwd\r\nPassword to be encrypted: default\r\n8Kytdhagh743s<\/pre>\n
\uc774\uc81c, tac_plus.conf \uc5d0 \uc544\ub798 \ub0b4\uc6a9\uc744 \ucd94\uac00\ud558\uc5ec \uc0ac\uc6a9\uc790 \uc124\uc815\uc744 \ub9c8\ubb34\ub9ac\ud55c\ub2e4.<\/p>\n
## user account and passwd\r\nuser = nadmin {\r\n        member = net_admin\r\n        login = des IZHuieAMcFwuU\r\n        enable = des WuVeol5JWp3Nk\r\n}\r\n\r\nuser = fox {\r\n        login = file \/etc\/passwd\r\n        member = sys_admin\r\n}\r\n\r\nuser = $enable$ {\r\n        login = des 8Kytdhagh743s\r\n}<\/pre>\n
3. TACACS+ \uc11c\ube44\uc2a4 \uc2e4\ud589<\/p>\n
\uc774\uc81c, TACACS+ \uc11c\ube44\uc2a4\ub97c \uc2dc\uc791\ud558\uace0, \uc11c\ube44\uc2a4 \uc0c1\ud0dc\ub97c \ud655\uc778\ud574 \ubcf8\ub2e4.<\/p>\n
# systemctl start tacacs_plus\r\n\r\n# systemctl status tacacs_plus\r\n\u25cf tacacs_plus.service - LSB: TACACS+ authentication daemon\r\n   Loaded: loaded (\/etc\/init.d\/tacacs_plus; generated)\r\n   Active: active (running) since Thu 2019-05-30 15:37:16 KST; 46min ago\r\n     Docs: man:systemd-sysv-generator(8)\r\n    Tasks: 1 (limit: 1109)\r\n   CGroup: \/system.slice\/tacacs_plus.service\r\n           \u2514\u25001004 \/usr\/sbin\/tac_plus -C \/etc\/tacacs+\/tac_plus.conf\r\n\r\nMay 30 15:37:13 fox tacacs_plus[909]:  * Starting TACACS+ authentication daemon\r\nMay 30 15:37:14 fox tac_plus[941]: Reading config\r\nMay 30 15:37:14 fox tac_plus[941]: Version F4.0.4.27a Initialized 1\r\nMay 30 15:37:15 fox tac_plus[989]: Reading config\r\nMay 30 15:37:15 fox tac_plus[989]: Version F4.0.4.27a Initialized 1\r\nMay 30 15:37:15 fox tac_plus[1004]: socket FD 0 AF 2\r\nMay 30 15:37:15 fox tac_plus[1004]: socket FD 2 AF 10\r\nMay 30 15:37:15 fox tac_plus[1004]: uid=0 euid=0 gid=0 egid=0 s=829941392\r\nMay 30 15:37:16 fox tacacs_plus[909]:    ...done.\r\nMay 30 15:37:16 fox systemd[1]: Started LSB: TACACS+ authentication daemon.<\/pre>\n
4. \uc2dc\uc2a4\ucf54 \uc2a4\uc704\uce58 \uc124\uc815 \ubc0f \ud14c\uc2a4\ud2b8<\/p>\n
\uc2dc\uc2a4\ucf54 \uc2a4\uc704\uce58 \uc124\uc815 \ub0b4\uc6a9\uc740 \uc544\ub798 \ubb38\uc11c\ub97c \ucc38\uace0.<\/p>\n
Switch(config)#tacacs-server host 192.168.0.6\r\nSwitch(config)#tacacs-server directed-request\r\nSwitch(config)#tacacs-server key snowfox_tacacs\r\n\r\nSwitch(config)#aaa authentication login default group tacacs+ local\r\nSwitch(config)#aaa authentication enable default group tacacs+ enable\r\nSwitch(config)#aaa authorization config-commands\r\nSwitch(config)#aaa authorization commands 0 default group tacacs+ local\r\nSwitch(config)#aaa authorization commands 1 default group tacacs+ local\r\nSwitch(config)#aaa authorization commands 7 default group tacacs+ local\r\nSwitch(config)#aaa authorization commands 15 default group tacacs+ local\r\nSwitch(config)#aaa accounting commands 0 default start-stop group tacacs+\r\nSwitch(config)#aaa accounting commands 1 default start-stop group tacacs+\r\nSwitch(config)#aaa accounting commands 7 default start-stop group tacacs+\r\nSwitch(config)#aaa accounting commands 15 default start-stop group tacacs+\r\nSwitch(config)#aaa accounting network 0 start-stop group tacacs+\r\nSwitch(config)#aaa accounting network 15 start-stop group tacacs+\r\nSwitch(config)#aaa accounting connection 0 start-stop group tacacs+\r\nSwitch(config)#aaa accounting connection 15 start-stop group tacacs+\r\nSwitch(config)#aaa session-id common\r\nSwitch(config)#end\r\n\r\nSwitch(config)#line con 0\r\nSwitch(config-line)#login authentication consol\r\nSwitch(config-line)#line vty 0 4\r\nSwitch(config-line)# access-class 99 in\r\nSwitch(config-line)# exec-timeout 15 0\r\nSwitch(config-line)# privilege level 15\r\nSwitch(config-line)# authorization exec vty\r\nSwitch(config-line)# accounting commands 1 pri1\r\nSwitch(config-line)# accounting commands 5 pri5\r\nSwitch(config-line)# accounting commands 15 pri15\r\nSwitch(config-line)# accounting exec vty\r\nSwitch(config-line)# login authentication vty\r\nSwitch(config-line)#line vty 5 15\r\nSwitch(config-line)# access-class 99 in\r\nSwitch(config-line)# exec-timeout 15 0\r\nSwitch(config-line)# privilege level 15\r\nSwitch(config-line)# authorization exec vty\r\nSwitch(config-line)# accounting commands 1 pri1\r\nSwitch(config-line)# accounting commands 5 pri5\r\nSwitch(config-line)# accounting commands 15 pri15\r\nSwitch(config-line)# accounting exec vty\r\nSwitch(config-line)# login authentication vty\r\nSwitch(config-line)#end<\/pre>\n
\ud14c\uc2a4\ud2b8, user fox\ub294 \uba85\ub839\uc5b4\uac00 \uc81c\ud55c\ub428\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n
User Access Verification\r\n\r\nUsername: nadmin\r\nPassword:\r\n\r\nSwitch#conf t\r\nEnter configuration commands, one per line.  End with CNTL\/Z.\r\nSwitch(config)#\r\n\r\n\r\nUser Access Verification\r\n\r\nUsername: fox\r\nPassword:\r\n\r\nSwitch#conf t\r\nCommand authorization failed.<\/pre>\n
5. \uc124\uc815 \ub0b4\uc6a9
\n5.1. TACACS+ \uc11c\ubc84 \uc124\uc815<\/p>\n
root@fox:\/var\/log# cat \/etc\/tacacs+\/tac_plus.conf\r\n# Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)\r\n# See man(5) tac_plus.conf for more details\r\n\r\n# Define where to log accounting data, this is the default.\r\n\r\naccounting file = \/var\/log\/tac_plus.acct\r\n\r\n# This is the key that clients have to use to access Tacacs+\r\n\r\n#key = testing123\r\nkey = snowfox_tacacs\r\n\r\n# Use \/etc\/passwd file to do authentication\r\n\r\n#default authentication = file \/etc\/passwd\r\n\r\n\r\n# You can use feature like per host key with different enable passwords\r\n#host = 127.0.0.1 {\r\n#        key = test\r\n#        type = cisco\r\n#        enable = <des|cleartext> enablepass\r\n#        prompt = \"Welcome XXX ISP Access Router \\n\\nUsername:\"\r\n#}\r\n\r\n# We also can define local users and specify a file where data is stored.\r\n# That file may be filled using tac_pwd\r\n#user = test1 {\r\n#    name = \"Test User\"\r\n#    member = staff\r\n#    login = file \/etc\/tacacs\/tacacs_passwords\r\n#}\r\n\r\n# We can also specify rules valid per group of users.\r\n#group = group1 {\r\n#       cmd = conf {\r\n#               deny\r\n#       }\r\n#}\r\n\r\n# Another example : forbid configure command for some hosts\r\n# for a define range of clients\r\n#group = group1 {\r\n#       login = PAM\r\n#       service = ppp\r\n#       protocol = ip {\r\n#               addr = 10.10.0.0\/24\r\n#       }\r\n#       cmd = conf {\r\n#               deny .*\r\n#       }\r\n#}\r\n\r\nuser = DEFAULT {\r\n        login = PAM\r\n        service = ppp protocol = ip {}\r\n}\r\n\r\nacl = net_admin {\r\n        permit = .*\r\n}\r\nacl = sys_admin {\r\n        permit = ^192\\.168\\.0\\.\r\n}\r\n\r\n# Much more features are availables, like ACL, more service compatibilities,\r\n# commands authorization, scripting authorization.\r\n# See the man page for those features.\r\n#\r\n\r\ngroup = net_admin {\r\n        default service = permit\r\n        acl = net_admin\r\n        service = exec {\r\n                priv-lvl = 15\r\n        }\r\n}\r\n\r\ngroup = sys_admin {\r\n        default service = deny\r\n        acl = sys_admin\r\n        service = exec {\r\n                priv-lvl = 0\r\n        }\r\n        cmd = enable {\r\n                permit .*\r\n        }\r\n        cmd = show {\r\n                permit .*\r\n        }\r\n        cmd = exit {\r\n                permit .*\r\n        }\r\n        cmd = interface {\r\n                permit Ethernet.*\r\n                permit FastEthernet.*\r\n                permit GigabitEthernet.*\r\n        }\r\n        cmd = switchport {\r\n                permit \"access vlan.*\"\r\n                permit \"trunk encapsulation.*\"\r\n                permit \"mode.*\"\r\n                permit \"trunk allowed vlan.*\"\r\n                permit \"trunk allowed vlan.*\"\r\n        }\r\n        cmd = description {\r\n                permit .*\r\n        }\r\n        cmd = no {\r\n                permit shutdown\r\n        }\r\n}\r\n\r\n## user account and passwd\r\nuser =  nadmin {\r\n        member = net_admin\r\n        login = des IZHuieAMcFwuU\r\n        enable = des WuVeol5JWp3Nk\r\n}\r\n\r\nuser = fox {\r\n        login = file \/etc\/passwd\r\n        member = sys_admin\r\n}\r\n\r\nuser = $enable$ {\r\n        login = des 8Kytdhagh743s\r\n}\r\n<\/pre>\n
5.2. CISCO \uc2a4\uc704\uce58 \uc124\uc815(TACACS+ \ud14c\uc2a4\ud2b8\ub97c \uc704\ud55c \ucd5c\uc18c \uc124\uc815\uc784).<\/p>\n
Switch#sh run\r\nBuilding configuration...\r\n\r\nCurrent configuration : 5233 bytes\r\n!\r\nversion 12.2\r\nno service pad\r\nservice timestamps debug datetime msec\r\nservice timestamps log datetime msec\r\nno service password-encryption\r\n!\r\nhostname Switch\r\n!\r\n!\r\naaa new-model\r\n!\r\n!\r\naaa authentication login default group tacacs+ local\r\naaa authentication enable default group tacacs+ enable\r\naaa authorization config-commands\r\naaa authorization commands 0 default group tacacs+ local\r\naaa authorization commands 1 default group tacacs+ local\r\naaa authorization commands 7 default group tacacs+ local\r\naaa authorization commands 15 default group tacacs+ local\r\naaa accounting commands 0 default start-stop group tacacs+\r\naaa accounting commands 1 default start-stop group tacacs+\r\naaa accounting commands 7 default start-stop group tacacs+\r\naaa accounting commands 15 default start-stop group tacacs+\r\naaa accounting network 0 start-stop group tacacs+\r\naaa accounting network 15 start-stop group tacacs+\r\naaa accounting connection 0 start-stop group tacacs+\r\naaa accounting connection 15 start-stop group tacacs+\r\n!\r\n!\r\n!\r\naaa session-id common\r\n!\r\nvlan 192\r\n!\r\n!\r\n!\r\ninterface FastEthernet0\/1\r\n switchport access vlan 192\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/2\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/3\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/4\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/5\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/6\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/7\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/8\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/9\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/10\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/11\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/12\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/13\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/14\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/15\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/16\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/17\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/18\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/19\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/20\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/21\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/22\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/23\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/24\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/25\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/26\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/27\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/28\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/29\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/30\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/31\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/32\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/33\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/34\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/35\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/36\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/37\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/38\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/39\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/40\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/41\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/42\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/43\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/44\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/45\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/46\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/47\r\n switchport mode dynamic desirable\r\n!\r\ninterface FastEthernet0\/48\r\n switchport mode dynamic desirable\r\n!\r\ninterface GigabitEthernet0\/1\r\n switchport mode dynamic desirable\r\n!\r\ninterface GigabitEthernet0\/2\r\n switchport mode dynamic desirable\r\n!\r\ninterface Vlan1\r\n ip address dhcp\r\n shutdown\r\n!\r\ninterface Vlan192\r\n ip address 192.168.0.200 255.255.255.0\r\n!\r\nip default-gateway 192.168.0.1\r\nip classless\r\nip http server\r\n!\r\ntacacs-server host 192.168.0.6 timeout 5\r\ntacacs-server directed-request\r\ntacacs-server key snowfox_tacacs\r\n!\r\ncontrol-plane\r\n!\r\n!\r\nline con 0\r\n login authentication consol\r\nline vty 0 4\r\n exec-timeout 15 0\r\n privilege level 15\r\n authorization exec vty\r\n accounting commands 1 pri1\r\n accounting commands 5 pri5\r\n accounting commands 15 pri15\r\n accounting exec vty\r\n login authentication vty\r\nline vty 5 15\r\n exec-timeout 15 0\r\n privilege level 15\r\n authorization exec vty\r\n accounting commands 1 pri1\r\n accounting commands 5 pri5\r\n accounting commands 15 pri15\r\n accounting exec vty\r\n login authentication vty\r\n!\r\nend<\/pre>\n
\ucc38\uace0\ubb38\uc11c: <\/p>\n
\n
TACACS+ on Ubuntu 14.04 LTS<\/a><\/p><\/blockquote>\n