CiscoSecureACS3.0forWindows2000Servers安装及配置

1、Cisco Secure ACS 3.0 for Win dows 2000/2003 Servers 安装及配置(TACACS+ )一、服务器ip地址02二、系统管理员帐户及口令user name adm inpassword: CNCadmin三、Key ( shared secret )cisc o&alcatel四、用户及组规划4.1本地帐户及口令设备用户名口令创建/维护方法密码修改用途权限Ciscoadmi nCattools自动/批量不变本地认证/Cattools1en able secretCattools自动/批量定期本地认证/Cattools15Alca

2、teladmi n手工/逐台或ZMud定期本地认证/Cattools154.2 TACACS+帐户及口令组名组号用户名口令密码修改用途权限SureKam Admin2surekamadm in定期联信管理员15CNC_Admin1caizhiyi定期局方管理员15dengzhao定期局方管理员15五、安装 Cisco Secure ACS 3.0安装 Cisco Secure ACS 3.0安装 J2SE Run time En viro nment 5.0安装 Netscape Communicator Version 8.1六、配置 Cisco Secure ACS 3.0http:/12

3、:2002/从本地登陆 ACS Admin :配置系统管理员帐户CllCO SYlTIMtAdministration Control-NetworkConfigurationSystemConfigurationr?P=L I Inst卷Ff古住电| U 存| Conf igurtionGroupSet upShared Profile_(1 I Ad ministration| Control”打 I External User J J丿 I DatabasesAclminisrra t ors?J|sidmiriAddAccess Policy Session Policy

4、%hidl扃Pl I 0：nline巴二| Dflhcumentation1) 选择Add Administrator ”2) Administrator Privileges 中选择Grant All网络配置(Network Con figuration)11縊11 Group| SetupAAA Clients懸&iirkrO Idle tiine匚1 Xo callback verify-口 Enabled口 Xo escapeO Enabled口 Xo hangup Enabled回 Privilege kv赳15口 TiniecirtSubmit Submit + Restart |

5、 Cancel5)不同的组对应不同的Privilege level4) 选择 Submit+Restart配置用户帐户User:Find 底dd/E血Li r 2丄 企三色空色2全亘1）输入用户名2）选择 Add/Edit3）填写相关信息4）Group to which the user is assigned:中选择用户对应的组5）选择 Submit七、配置 NAS (AAA Client )Cisco 2950aaa n ew-modelaaa authe nticati on log in default local group tacacs+ aaa authorizati on ex

6、ec default local group tacacs+ en able secret 5 $1$rCz9$ .L TTvZt7TaeL8ggTp2 nnO.!user name yangjy password 0 sure0208tacacs-server host tacacs-server attempts 5 tacacs-server key ciscoAlcatel 5022/5052Omn iCore utils user uncon figured tacacsplusOmn iCore utils user tacacs+ secret secret

7、Keystri ngNoSpaces Omn iCore utils user tacacs+ primary-server Omn iCore utils user tacacs+ sec on dary-server Omn iCore utils user local-fallback en ableOmn iCore utils user tacacs+ authe n-status en ableOmn iCore utils user tacacs+ author-status en able八、配置帐户密码的有效期LlUsr Setu

8、pGroup3*tup%Sh-ared Prfite- ComporientsNtvnrkCortfiurtioraSystemConfigurationinrfic#1n 国Q I AdmintstrationControlIn terface Con figurati on乌 ACS-Ci沱o 105”| ExUrnal Ufrk-1% I Reports antiI Activity感n I niin*右二| Documentaticri选择 Advanced OptionsInterface Configuration0 Per-user TACACS-KADIUS Araibutts

9、 U5er-lvel Shore d N thrork Acc e s s Restri匚tiotu13 User-Ld Xervork Access Rebtrictioni Lscr-Led Downloadable ACLs0 Cefanlt Tinie.-ofDay Day-of Week Sps 匸iticaticin. Gronp-Level Shared?iati5口 Usage Quotas Di.stnbuted Svtem Setting?I Remote LoggingI I CiscoSecure ACS Database Repiicaticin RDBMS Sync

10、hrot血Egh圧 PcolsI . Setviork Dedce Groupsll Vcc-over-IP (VoIP Group Settings Xoicc-over-IP A*&IPi Accountiiig Configuralion ODBC Loggiiig选择 Group-Level Password Aging 选项Group SetupGroup ： ： 0: Default Group (1 user)vUsers in GroupEdit SettingsRename CroupPassword Aging RulesPassword Aging Rules0 AppK age-bylare rulesActhe period60daysWarning period5daysGrace period5days Apphp-uses rulesIssue warning 汝erTlosdns *Reqiire change after-i -losdns +Use -1 tor tio prompt Apph password change ruleForces tlie user to chaise the password on the first log-iii after a