Configuring TACACS+ management access on Nexus

1. Device topology:

N7K(mgmt0)----VMnet1-----ACS5.2

2. Device configuration:
2.1 Basic configuration
Part one: N7K
interface mgmt0
  vrf member management
  ip address 10.0.0.101/24
Test connectivity:
N7K-2# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
ping: sendto 10.0.0.1 64 chars, No route to host
^C
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.00% packet loss
N7K-2# ping 10.0.0.1 vrf management
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=63 time=0.677 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=0.524 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=63 time=0.952 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=63 time=0.843 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=63 time=0.469 ms

--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.469/0.692/0.952 ms

Part two: ACS5.2
ACS/admin# sho interface gigabitEthernet 0
eth0 Link encap:Ethernet HWaddr 00:0C:29:33:F9:EF
inet addr:10.0.0.102 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe33:f9ef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5735 errors:0 dropped:0 overruns:0 frame:0
TX packets:7979 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1319303 (1.2 MiB) TX bytes:8018911 (7.6 MiB)
Interrupt:177 Base address:0x2000

Test connectivity:
ACS/admin# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=0.240 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.207 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.185 ms

--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3016ms
rtt min/avg/max/mdev = 0.185/0.205/0.240/0.025 ms, pipe 2

ACS/admin#

2.2 Ensure connectivity between the N7K and ACS:
N7K-2# ping 10.0.0.102 vrf management
PING 10.0.0.102 (10.0.0.102): 56 data bytes
64 bytes from 10.0.0.102: icmp_seq=0 ttl=63 time=0.713 ms
64 bytes from 10.0.0.102: icmp_seq=1 ttl=63 time=0.564 ms
64 bytes from 10.0.0.102: icmp_seq=2 ttl=63 time=0.629 ms
64 bytes from 10.0.0.102: icmp_seq=3 ttl=63 time=0.654 ms
64 bytes from 10.0.0.102: icmp_seq=4 ttl=63 time=1.162 ms

--- 10.0.0.102 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.564/0.744/1.162 ms
N7K-2#

2.3 Configure TACACS+
The lines that were configured manually are marked in green; the rest is default configuration that is generated automatically.
N7K-2# sho running-config tacacs+ all

!Command: show running-config tacacs+ all
!Time: Mon Sep 2 12:21:19 2019

version 6.1(1)
feature tacacs+

tacacs-server key 7 "Fewhg@123"
no ip tacacs source-interface
tacacs-server test username test password test idle-time 0
tacacs-server timeout 5
tacacs-server deadtime 0
tacacs-server host 10.0.0.102 port 49
tacacs-server host 10.0.0.102 test username test password test idle-time 0
aaa group server tacacs+ TACACS
  server 10.0.0.102
  use-vrf management
  no source-interface
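
An added example, not part of the original post: a small audit of the running-config above that flags the settings a reviewer would question. The reading of "deadtime 0" and "idle-time 0" follows documented NX-OS behaviour, and type 7 is a reversible encoding rather than encryption. The function name audit_tacacs and the check ids are hypothetical, and the key in the sample is a placeholder.

```python
import re

# Constructed sample: the running-config from section 2.3 of this page,
# with the shared secret replaced by a placeholder.
SAMPLE_CONFIG = """\
feature tacacs+
tacacs-server key 7 "REDACTED"
tacacs-server test username test password test idle-time 0
tacacs-server timeout 5
tacacs-server deadtime 0
tacacs-server host 10.0.0.102 port 49
tacacs-server host 10.0.0.102 test username test password test idle-time 0
aaa group server tacacs+ TACACS
  server 10.0.0.102
  use-vrf management
"""

# audit_tacacs and the check ids are illustrative names, not NX-OS or ACS terms.
def audit_tacacs(config):
    """Return (check_id, detail) findings for an NX-OS TACACS+ configuration."""
    findings, groups, current = [], {}, None
    for line in config.splitlines():
        m = re.match(r"tacacs-server .*\bkey ([07]) ", line)
        if m:  # 0 = cleartext, 7 = reversible encoding, not encryption
            findings.append(("weak-key-storage", f"key type {m.group(1)}"))
        m = re.match(r"tacacs-server deadtime (\d+)", line)
        if m and int(m.group(1)) == 0:  # unresponsive servers are never marked dead
            findings.append(("deadtime-zero", line))
        m = re.match(r"tacacs-server host (\S+) test .*idle-time (\d+)", line)
        if m and int(m.group(2)) == 0:  # periodic test probes are disabled
            findings.append(("no-server-monitoring", m.group(1)))
        # Track which servers each "aaa group server tacacs+" block lists.
        m = re.match(r"aaa group server tacacs\+ (\S+)", line)
        if m:
            current = m.group(1)
            groups[current] = []
        elif current and line.startswith(" "):
            s = re.match(r"\s+server (\S+)", line)
            if s:
                groups[current].append(s.group(1))
        else:
            current = None
    for name, servers in groups.items():
        if len(servers) < 2:  # a single server is a single point of failure
            findings.append(("single-server-group", name))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit_tacacs(SAMPLE_CONFIG):
        print(f"{check_id}: {detail}")
```

Because the key is stored as type 7, any copy of the configuration that leaves the device should be treated as disclosing the shared secret.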

 

2.4 ACS configuration
The name entered here does not have to match the device name N7K-2; the same name is used here only for convenience. It is just a label for the device; what matters is the IP address.

3. Verify

N7K-2# exit


*****************
Username: admin
Password: cisco
*****************
N7K-2 login: admin
Password: (cisco was used here; wrong!)
Login incorrect


*****************
Username: admin
Password: cisco
*****************
login: admin
Password: (the AAA account was used here; success!)
Last login: Mon Sep 2 12:03:31 UTC 2019 on ttyS0
Last login: Mon Sep 2 12:25:25 on ttyS0
Cisco NX-OS Software
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
NX-OS/Titanium software ("NX-OS/Titanium Software") and related
documentation, files or other reference materials ("Documentation")
are the proprietary property and confidential information of Cisco
Systems, Inc. ("Cisco") and are protected, without limitation,
pursuant to United States and International copyright and trademark
laws in the applicable jurisdiction which provide civil and criminal
penalties for copying or distribution without Cisco's authorization.
The use of NX-OS/Titanium Software and Documentation is strictly
limited to Cisco's internal use.

Any use or disclosure, in whole or in part, of the NX-OS/Titanium
Software or Documentation to any third party for any purposes is
expressly prohibited except as otherwise authorized by Cisco in writing.
The copyrights to certain works contained herein are owned by other
third parties and are used and distributed under license. Some parts
of this software may be covered under the GNU Public License or the
GNU Lesser General Public License. A copy of each such license is
available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
N7K-2#

4. View authentication information on ACS

Here you can see the two attempts, one with the wrong password and one with the correct password:

Detailed information:

Origin www.cnblogs.com/MomentsLee/p/11520165.html