Nexus Configuration: Prepare for TACACS+

Add Nexus to TacacsGUI. NX-OS Configuration


Nexus Configuration

Prepare the system.

conf t ;!configure terminal
interface mgmt0 ;!interface used as the source for communication with the TACACS+ server
  vrf member management
  ip address <your interface IP>
  exit
vrf context management
  ip route 0.0.0.0/0 <your gateway>
  exit
exit

Test communication with the TACACS+ server.

ping 10.6.20.10 vrf management
PING 10.6.20.10 (10.6.20.10): 56 data bytes
64 bytes from 10.6.20.10: icmp_seq=0 ttl=61 time=56.947 ms
64 bytes from 10.6.20.10: icmp_seq=1 ttl=61 time=6.454 ms
64 bytes from 10.6.20.10: icmp_seq=2 ttl=61 time=6.735 ms
64 bytes from 10.6.20.10: icmp_seq=3 ttl=61 time=5.532 ms
64 bytes from 10.6.20.10: icmp_seq=4 ttl=61 time=6.039 ms

--- 10.6.20.10 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 5.532/16.341/56.947 ms

Tacacs Server Configuration

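feature tacacs+ ;!run in configuration mode; TACACS+ commands are unavailable until the feature is enabled
tacacs-server host 10.6.20.10 key 0 <preshared key> ;!0 = the key is entered in clear text

aaa group server tacacs+ tacgui
    server 10.6.20.10
    use-vrf management
    exit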
aaa authentication login default group tacgui local
aaa authentication login console local
aaa authorization config-commands default group tacgui local
aaa authorization commands default group tacgui local
aaa accounting default group tacgui
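
The following Python check is an added example, not part of the original page or of TacacsGUI. It audits a saved copy of the configuration for the layout shown above: server defined, `use-vrf` present, each AAA method sent to the group with a `local` fallback. The names `audit_aaa` and `SAMPLE` are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample: the AAA lines from this page with two deliberate mistakes
# (use-vrf missing from the group, "local" missing from command authorization).
SAMPLE = """\
tacacs-server host 10.6.20.10 key 7 "<redacted>"
aaa group server tacacs+ tacgui
    server 10.6.20.10
aaa authentication login default group tacgui local
aaa authentication login console local
aaa authorization config-commands default group tacgui local
aaa authorization commands default group tacgui
aaa accounting default group tacgui
"""

def audit_aaa(config, group="tacgui"):
    """Return findings for the TACACS+ AAA layout shown on this page."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings = []
    hosts = {m.group(1) for l in lines
             if (m := re.match(r"tacacs-server host (\S+)", l))}
    # Collect the indented body of "aaa group server tacacs+ <group>".
    body, inside = [], False
    for l in lines:
        if l == f"aaa group server tacacs+ {group}":
            inside = True
        elif inside and l[0].isspace():
            body.append(l.strip())
        else:
            inside = False
    servers = [b.split()[1] for b in body if b.startswith("server ")]
    if not servers:
        findings.append(f"group {group}: no server defined")
    for s in servers:
        if s not in hosts:
            findings.append(f"group {group}: server {s} has no tacacs-server host line")
    # The page reaches the server through vrf management, so the group needs use-vrf.
    if not any(b.startswith("use-vrf ") for b in body):
        findings.append(f"group {group}: use-vrf missing")
    for method in ("authentication login default",
                   "authorization config-commands default",
                   "authorization commands default"):
        rule = next((l for l in lines if l.startswith(f"aaa {method} ")), None)
        if rule is None or f" group {group}" not in rule:
            findings.append(f"aaa {method}: not sent to group {group}")
        elif not rule.endswith(" local"):
            findings.append(f"aaa {method}: no local fallback")
    if f"aaa accounting default group {group}" not in lines:
        findings.append(f"aaa accounting default: not sent to group {group}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE)) or "no findings")
```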

Test AAA Settings

Run the test.

test aaa group tacgui nexus_user cisco123 ;!using wrong password
user has failed authentication
test aaa group tacgui nexus_user 123123 ;!using correct password
user has been authenticated

Auth with Tacacs user

login as: nexus_user
User Access Verification
Using keyboard-interactive authentication.
Password:

Cisco NX-OS Software
Copyright (c) 2002-2018, Cisco Systems, Inc. All rights reserved.
...

h9k# show ver ;!permitted command
Cisco Nexus Operating System (NX-OS) Software
...

Nexus 9000v is a demo version of the Nexus Operating System

Software
  BIOS: version
  NXOS: version 9.2(2)
...

h9k# conf t ;!not permitted command
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
h9k# sh interf ;!not permitted command
Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)
h9k# show user-account
user:nexus_user
        roles:network-admin vdc-admin ;!predefined roles
account created through REMOTE authentication
Credentials such as ssh server key will be cached temporarily only for this user account
Local login not possible

Author: Alexey Mochalin; Created at: 2018-12-06 11:17:32; Updated at: 2018-12-06 19:32:49