QUESTION

How to configure authentication services using TACACS+ server for Windows PCs on NPort 6000 series

SOLUTION

1. Download

Download the basic (free) version of TACACS.net from http://www.tacacs.net so that the TACACS server can be installed on your computer.
 
2. Installation 

  • Run the TACACSSetup_v*.exe installation wizard. Follow all instructions provided by the installation wizard during the installation of the server. 

  • During the wizard setup you can enter a custom shared secret. In this example, 1234567890 was entered. If you would like to change it later, you can do so in clients.xml.

  • The wizard will install the configuration and log files to different locations depending on your operating system. See the readme.rtf file provided automatically after the installation in the Program Menu for the location of installed files. 

3. Configuration of the TACACS server

3.1- Open the .xml files

To continue with the TACACS server configuration, open the Configuration folder located in the TACACS.net folder. In the Configuration folder you will find three different .xml files that have to be modified:
  - authentication.xml
  - clients.xml
  - tacplus.xml

If necessary, change the file properties from Read-Only to Read-Write.

Note 1: Before the .xml files are modified, it is advisable to create a backup of them in case they need to be restored later.

 

3.2- Editing the authentication.xml file

Here you can set the desired usernames and passwords according to the number of users that have access to the server. To edit the username and password fields, remove the comment marks (<!--) from the code in the UserGroup section.

This example shows one group name, username and password for one server user:

  • Add group name: Network Engineering (name of the group)
  • Add username: admin (or username)
  • Add password: (in our example gabrieltest)

3.3- Editing the clients.xml file
  
  - Confirm the shared secret defined during the installation. If the shared secret was not entered during the installation, it can be entered here too. In this example the shared secret 1234567890 was used.
  - Add the IP address of the client device (in this case the NPort's IP address).

3.4- Editing the tacplus.xml file

Enter the IP address of the computer where the TACACS server is installed.

 

4. Verification

  • Check the configuration for syntax errors by running the TACVerify utility. It can be found in the Program Menu. If the tool detects any errors, go back, fix them and run the utility again.

5. Test

  • 5.1- To avoid errors during the test, it is better to disable the firewall of the computer where the server is running.
  • 5.2- Check that the TACACS service is running in the Services Management Console: Start > Control Panel > Administrative Tools > Services. If the TACACS service is not running, start it.
  • 5.3- Run the TACTest utility to verify that the system is working correctly. It can be found in the Program Menu.

  • When the command prompt opens, enter the following command using your configured values:

    tactest -s server_ip -k mykey -u myuser -p mypassword

    where

    server_ip: IP of the computer where the server runs
    mykey: Shared Key
    myuser: Username
    mypassword: Password

    For this example:

    tactest -s 192.168.127.1 -k 1234567890 -u admin -p gabrieltest

  • If the server is working correctly, the following result appears under SUMMARY STATISTICS. The server is then ready to be used with the NPort.

    Note: If the server has any problem starting, verify that the computer where the server runs is using port 49, which is used for the TACACS service (use the command netstat -a to check the ports in use).
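
The checks from steps 5.1, 5.2 and the port 49 note can be scripted as below. This is an added example, not part of the original Moxa article; instead of disabling the firewall it adds an inbound rule for TCP 49 limited to the NPort. The variable $NPortIp, the rule display name and the wildcard match on the service display name are assumptions.

```powershell
# Added example. Values marked ASSUMPTION are placeholders, not from the article.
$NPortIp    = '<NPORT-IP>'   # ASSUMPTION: replace with the IP address of your NPort
$TacacsPort = 49             # TACACS port named in the article
$RuleName   = 'TACACS+ from NPort (example)'   # ASSUMPTION: any display name works

# Refuse to continue while the placeholder is still in place.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($NPortIp, [ref]$parsed)) {
    throw 'Set $NPortIp to the NPort IP address before running this script.'
}

# Step 5.2: locate the TACACS service and start it if it is not running.
# The article does not give the service name, so match on the display name.
$svc = Get-Service | Where-Object { $_.DisplayName -like '*TACACS*' }
if (-not $svc) { throw 'No service with TACACS in its display name was found.' }
$svc | Where-Object Status -ne 'Running' | Start-Service

# Port 49 note: confirm a listener exists and show which process owns it,
# so a different program occupying the port is easy to spot.
$listeners = Get-NetTCPConnection -LocalPort $TacacsPort -State Listen `
    -ErrorAction SilentlyContinue
if (-not $listeners) { throw "Nothing is listening on TCP port $TacacsPort." }
$listeners | ForEach-Object {
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        Process      = (Get-Process -Id $_.OwningProcess).ProcessName
    }
}

# Step 5.1 alternative: keep the firewall enabled and allow only the NPort
# to reach TCP 49 on this computer. The rule is created once.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $TacacsPort -RemoteAddress $NPortIp | Out-Null
}
Get-NetFirewallRule -DisplayName $RuleName | Select-Object DisplayName, Enabled, Action
```

Run it from an elevated PowerShell session on the computer where the TACACS server is installed.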

6. NPort Setting for TACACS+ Server

Under the Authentication Server tab, enter the TACACS+ server IP and the TACACS+ secret:

  - TACACS+ server: IP address or domain name of the TACACS+ server.
  - TACACS+ secret: Secret number.
  - TACACS+ accounting: Enable or disable TACACS+ accounting.

For this example you have the following:

  • TACACS+ server: PC IP (192.168.127.1)
  • TACACS+ secret: shared secret (1234567890)

7. NPort Setting – Console Settings

Under the Console Settings tab, enter the console authentication type.
  - Console setting type: TACACS+
  - Submit and restart NPort

8. Set up the User Account based on the Access Permission provided by the NPort

It is possible to create different Account Names under the different existing Groups or “Privilege levels” as follows.

By default there are three different Group Names on the NPort 6000. It is also possible to add more customized groups with different access permissions. Add an Account Name based on the access permission that you wish.

9. Define user settings in server configuration

Go to the TACACS+ server and, in the authentication.xml file, edit the group names, usernames and passwords so that they are the same as the group names, usernames and passwords set in the NPort.

10. Modify the AutoExec setting in the authorization.xml file

Keep in mind the following:

  a- The User Group names have to match the User Group names used in the authentication.xml file.
  b- The NPort uses the following privilege levels based on the TACACS+ server:

       a. Privilege level = 15: admin
       b. Privilege level = 10 ~ 14: port admin 1
       c. Privilege level = 5 ~ 9: port admin 2
       d. Privilege level = 1 ~ 4: guest

In the example below:
  - Privilege level = 15 for admin
  - Privilege level = 1 for guest

11. Log in on NPort Web Console

“admin” is a username under the group “administrator” with the following outcome.

Accessing the NPort as user3: “user3” is a username under the group “guest” with the following outcome.

Relevant Products

NPort 6100/6200 Series · NPort 6400/6600 Series
