HoloBlog

Holonomix view of the world of IT operations management, process automation and life in general



Michael Bohnel, Holonomix Technical Services Director. 

 "The Packet Design Route Explorer (REX) appliance can be configured to make use of external authentication protocols such as TACACS+ and RADIUS (in addition to the default local authentication capability provided out of the box). This Holonomix AppNote describes how to enable TACACS+ authentication to a CiscoSecure ACS server."

 


Note – CiscoSecure ACS versions 4.x & 5.x are significantly different in their UI functionality, although in principle the approach used for version 4.x below is applicable to version 5.x.

 


(1) On the Packet Design REX Administration: User Administration screen you will need to define the TACACS+ Server and Shared Secret (selecting the Show Shared Secret button will show the entry in clear text – useful for validating you have entered it correctly). Click on Update to apply the change.

 

 


 

 

(2) On the CiscoSecure ACS system you now need to do the following:


 (a) Add Interface Definitions for protocols:

  • rex-admin
  • rex-cli
  • rex-op
  • rex-guest

 

 


 


(b) Extend the Interface Configuration to enable per-user TACACS+/RADIUS Attributes:



 

(c) Configure the User to enable the appropriate rex-* protocol:

 


 

It should now be possible to log in to the Packet Design REX appliance using the user credentials that you have just configured in CiscoSecure ACS.
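If the login fails, the Shared Secret from step (1) is the first thing to re-check. TACACS+ (RFC 8907) obfuscates each packet body with an MD5-derived pad keyed by that secret, so a side holding a different secret decodes a body it cannot parse. The sketch below is an added example, not code from Packet Design, Cisco or Holonomix; the secrets, username, addresses and function names are constructed for illustration.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: chained MD5 over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC1, seq_no=1):
    """XOR the body with the pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port, rem_addr, data):
    """Authentication START body: 8 fixed bytes, then four variable fields."""
    fixed = bytes([0x01, 0x01, 0x02, 0x01,  # LOGIN, priv 1, PAP, service LOGIN
                   len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data

def parse_authen_start(body):
    """Return the fields, or None if the declared lengths do not fit the body."""
    if len(body) < 8 or 8 + sum(body[4:8]) != len(body):
        return None
    fields, pos = [], 8
    for n in body[4:8]:
        fields.append(body[pos:pos + n])
        pos += n
    return tuple(fields)

# Constructed sample values, not taken from any real deployment.
SESSION_ID = 0x1A2B3C4D
REX_SECRET = b"example-secret"
ACS_SECRET_TYPO = b"example-secret "   # trailing space entered on one side
BODY = build_authen_start(b"rexop", b"tty0", b"192.0.2.10", b"not-a-real-pw")

def demo():
    wire = obfuscate(BODY, SESSION_ID, REX_SECRET)
    good = parse_authen_start(obfuscate(wire, SESSION_ID, REX_SECRET))
    bad = parse_authen_start(obfuscate(wire, SESSION_ID, ACS_SECRET_TYPO))
    return good, bad

if __name__ == "__main__":
    print(demo())
```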