Comments on: Managing Cisco ACE (Application Control Engine) modules with TACACS+ http://tacacs.org/2008/10/16/managing-cisco-ace-application-control-engine-modules-with-tacacs/ Casting Light on the Dark Art of TACACS+ Thu, 08 Sep 2011 03:11:00 -0400 http://wordpress.org/?v=2.8.4 hourly 1 By: jpayne http://tacacs.org/2008/10/16/managing-cisco-ace-application-control-engine-modules-with-tacacs/comment-page-1/#comment-1591 jpayne Thu, 10 Mar 2011 16:00:01 +0000 http://blogs.sackheads.org/jpayne/?p=33#comment-1591 <p>Thanks for the feedback. I had not spotted the PAP login because we have PAP enabled (duplicating the login) on all our admin accounts for a number of other device types.</p> Thanks for the feedback. I had not spotted the PAP login because we have PAP enabled (duplicating the login) on all our admin accounts for a number of other device types.

]]> By: Toem http://tacacs.org/2008/10/16/managing-cisco-ace-application-control-engine-modules-with-tacacs/comment-page-1/#comment-1589 Toem Thu, 10 Mar 2011 15:53:42 +0000 http://blogs.sackheads.org/jpayne/?p=33#comment-1589 <p>Thanks, this helps. </p> <p>I set up TACACS+ authentication on an ACE running system: Version A2(3.3) [build 3.0(0)A2(3.3)] Yeah and based on the role model it works fine for me, I only Admin and Network-Monitor, so there is your level 15 and 1.</p> <p>Beside authentication it does authorization as well: -- snipet from the tacacs server in debug mode --- authorization query for 'superu' -- eos from the tacacs server in debug mode ---</p> <p>Another very important information is the different authentication style. The ACE uses PAP-Login instead of Login.</p> <p>-- Configlet for a superuser -- user = superu { pap = cleartext "superu78" login = cleartext "superu78" member = ace-user } -- EOC for a superuser --</p> <p>Thanks. Slainte Toem</p> Thanks, this helps.

I set up TACACS+ authentication on an ACE running system: Version A2(3.3) [build 3.0(0)A2(3.3)] Yeah and based on the role model it works fine for me, I only Admin and Network-Monitor, so there is your level 15 and 1.

Beside authentication it does authorization as well: – snipet from the tacacs server in debug mode — authorization query for ’superu’ – eos from the tacacs server in debug mode —

Another very important information is the different authentication style. The ACE uses PAP-Login instead of Login.

– Configlet for a superuser – user = superu { pap = cleartext “superu78″ login = cleartext “superu78″ member = ace-user } – EOC for a superuser –

Thanks. Slainte Toem

]]>