Cisco TACACS + Secure Network Analytics User Guide

Cisco Secure Network Analytics, yomwe imadziwikanso kuti Stealthwatch,
amagwiritsa ntchito Terminal Access Controller Access-Control System
(TACACS+) protocol yotsimikizira ndi kuvomereza ntchito.
Imalola ogwiritsa ntchito kupeza mapulogalamu angapo ndi seti imodzi
za mbiri.

Malangizo Ogwiritsira Ntchito Zogulitsa

Mawu Oyamba

Kuti mukonze TACACS + ya Cisco Secure Network Analytics, tsatirani
njira zomwe zafotokozedwa mu bukhuli.

Omvera

Bukuli ndi la oyang'anira maukonde ndi ogwira ntchito
ndi udindo kukhazikitsa ndi kukonza Secure Network Analytics
mankhwala. Kuti muyike akatswiri, funsani a Cisco yakomweko
Partner kapena Cisco Support.

Terminology

Bukuli limatchula chinthucho ngati chida, kuphatikiza
zinthu zenizeni monga Cisco Secure Network Analytics Flow
Sensor Virtual Edition. Magulu ndi magulu a zida zoyendetsedwa
ndi Cisco Secure Network Analytics Manager.

Kugwirizana

Onetsetsani kuti ogwiritsa ntchito onse alowa kudzera mu Manager wa TACACS+
kutsimikizira ndi kuvomereza. Zina monga FIPS ndi
Mayendedwe Otsatira sapezeka pamene TACACS+ yayatsidwa.

Kuwongolera Mayankho

Konzani Kuwongolera Mayankho mu Woyang'anira kuti mulandire imelo
zidziwitso, malipoti, ndi zina zotero. Ogwiritsa ntchito akuyenera kusinthidwa ngati ogwiritsa ntchito apafupi
Manager wa izi.

Kulephera

Mukamagwiritsa ntchito Oyang'anira pagulu la failover, zindikirani kuti TACACS+ ili
kupezeka kokha pa Manajala oyamba. Ngati kukhazikitsidwa pa choyambirira
Woyang'anira, TACACS+ sichirikizidwa pa Manajala achiwiri. Limbikitsani
Woyang'anira wachiwiri mpaka woyamba kugwiritsa ntchito kutsimikizika kwakunja
ntchito pa izo.

FAQ

Q: Kodi TACACS+ ingagwiritsidwe ntchito ndi Compliance Mode yayatsidwa?

A: Ayi, kutsimikizika kwa TACACS+ ndi kuvomereza sikumathandizira
Kutsatira Mode. Onetsetsani kuti Compliance Mode ndiyozimitsa mukamagwiritsa ntchito
TACACS+.

"``

View Fullscreen

Cisco Secure Network Analytics
Kalozera wa Kapangidwe ka TACACS + 7.5.3

M'ndandanda wazopezekamo

Mawu Oyamba

Omvera

Terminology

Kugwirizana

Kuwongolera Mayankho

Kulephera

Kukonzekera

Maudindo Ogwiritsa Athaview

Kukonza Maina Ogwiritsa

Mayina Osamva Zokhudza Nkhani

Mayina Obwereza Obwereza

Mabaibulo Akale

Kukonza Magulu Odziwika ndi Ogwiritsa Ntchito

Udindo Woyambirira wa Admin

Kuphatikiza Maudindo Osakhala Oyang'anira

Makhalidwe Abwino

Chidule cha Maudindo

Maudindo a Data

Web Maudindo

Maudindo a Makasitomala a Pakompyuta

Njira Yathaview

1. Konzani TACACS+ mu ISE

Musanayambe

Mayina Ogwiritsa Ntchito

Maudindo Ogwiritsa Ntchito

1. Yambitsani Kuwongolera kwa Chipangizo mu ISE

2. Pangani TACACS+ Profiles

Udindo Woyambirira wa Admin

-2-

Kuphatikiza Maudindo Osakhala Oyang'anira

3. Map Shell Profiles kwa Magulu kapena Ogwiritsa Ntchito

4. Onjezani Secure Network Analytics ngati Network Device

2. Yambitsani chilolezo cha TACACS+ mu Secure Network Analytics

3. Yesani Kutalikirana kwa TACACS + User Login

Kusaka zolakwika

Zochitika

Kulumikizana ndi Thandizo

Sinthani Mbiri

-3-

Mawu Oyamba
Mawu Oyamba
Terminal Access Controller Access-Control System (TACACS+) ndi ndondomeko yomwe imathandizira mautumiki ovomerezeka ndi ovomerezeka ndipo imalola wogwiritsa ntchito kupeza mapulogalamu angapo ndi seti imodzi ya zizindikiro. Gwiritsani ntchito malangizo otsatirawa kuti mukonze TACACS+ ya Cisco Secure Network Analytics (yomwe kale inali Stealthwatch).
Omvera
Omvera omwe akufunidwa ndi bukhuli akuphatikizapo oyang'anira ma netiweki ndi ena ogwira ntchito omwe ali ndi udindo wokhazikitsa ndi kukonza zinthu za Secure Network Analytics.
Ngati mukufuna kugwira ntchito ndi katswiri woyikira, chonde lemberani Cisco Partner yanu kapena funsani Cisco Support.
Terminology
Bukuli limagwiritsa ntchito mawu oti "chida" pamtundu uliwonse wa Secure Network Analytics, kuphatikiza zinthu zenizeni monga Cisco Secure Network Analytics Flow Sensor Virtual Edition.
"Cluster" ndi gulu lanu la zida za Secure Network Analytics zomwe zimayendetsedwa ndi Cisco Secure Network Analytics Manager (omwe kale anali Stealthwatch Management Console kapena SMC).
Mu v7.4.0 tidasinthanso zinthu zathu za Cisco Stealthwatch Enterprise kukhala Cisco Secure Network Analytics. Kuti mupeze mndandanda wathunthu, onani Zolemba Zotulutsidwa. Mu bukhuli, muwona dzina lathu lakale lazinthu, Stealthwatch, lomwe limagwiritsidwa ntchito ngati kuli kofunikira kuti zimveke bwino, komanso mawu monga Stealthwatch Management Console ndi SMC.

-4-

Mawu Oyamba
Kugwirizana
Kuti mutsimikizire ndi kuvomerezedwa ndi TACACS+, onetsetsani kuti ogwiritsa ntchito onse alowa kudzera pa Manager. Kuti mulowe ku chipangizochi mwachindunji ndikugwiritsa ntchito Appliance Administration, lowani kwanuko.
Zotsatirazi sizikupezeka TACACS+ ikayatsidwa: FIPS, Mode Yotsatira.
Kuwongolera Mayankho
Kuwongolera Mayankho kumakhazikitsidwa mu Manager wanu. Kuti mulandire zidziwitso za imelo, malipoti okonzedwa, ndi zina zambiri onetsetsani kuti wogwiritsa ntchitoyo akukonzedwa ngati wogwiritsa ntchito m'deralo pa Manager. Pitani ku Konzani> Kuzindikira> Kasamalidwe ka Mayankho, ndikuwona Thandizo la malangizo.
Kulephera
Chonde dziwani izi ngati mwakonza Oyang'anira anu ngati awiri olephera:
l TACACS+ imapezeka pa Manajala oyamba okha. TACACS+ sichirikizidwa pa Manejala wachiwiri.
l Ngati TACACS+ yakhazikitsidwa pa Manajala oyamba, zambiri za ogwiritsa ntchito za TACACS+ sizipezeka pa Manajala wachiwiri. Musanagwiritse ntchito zotsimikizira zakunja zomwe zakhazikitsidwa pa Manager wachiwiri, muyenera kukwezera Woyang'anira wachiwiri kupita ku pulayimale.
l Ngati mukweza Manejala wachiwiri kupita ku pulaimale:
l Yambitsani TACACS+ ndi chilolezo chakutali pa Manejala wachiwiri. l Ogwiritsa ntchito akunja omwe alowa mu Manager wotsitsidwa adzalowetsedwa
kunja. l Woyang'anira Wachiwiri samasunga zambiri za ogwiritsa ntchito kuchokera kwa Woyang'anira wamkulu,
kotero deta iliyonse yomwe yasungidwa pa Woyang'anira wamkulu sichipezeka pa Manejala atsopano (wokwezedwa). l Wogwiritsa ntchito wakutali akalowa kwa Woyang'anira wamkulu watsopano kwa nthawi yoyamba, zolembera za ogwiritsa ntchito zidzapangidwa ndipo deta imasungidwa kupita patsogolo.
l Review Malangizo a Failover: Kuti mudziwe zambiri, onani Maupangiri a Failover Configuration.

-5-

Kukonzekera

Kukonzekera
Mutha kukonza TACACS+ pa Cisco Identity Services Engine (ISE).
Tikukulimbikitsani kugwiritsa ntchito Cisco Identity Services Engine (ISE) kuti mutsimikizire komanso kuvomereza. Komabe, mutha kuyikanso seva yoyimirira ya TACACS + kapena kuphatikiza seva ina iliyonse yovomerezeka malinga ndi zomwe mukufuna.
Onetsetsani kuti muli ndi zonse zomwe mukufunikira kuti muyambe kasinthidwe.

Zofunika Cisco Identity Services Engine (ISE) TACACS+ Server Desktop Client

Tsatanetsatane
Ikani ndikusintha ISE pogwiritsa ntchito malangizo omwe ali muzolemba za ISE za injini yanu.
Mufunika adilesi ya IP, doko, ndi kiyi yachinsinsi yogawana kuti mukonzekere. Mudzafunikanso chilolezo cha Device Administration.
Mufunika adilesi ya IP, doko, ndi kiyi yachinsinsi yogawana kuti mukonzekere.
Mudzagwiritsa ntchito Desktop Client pakusintha uku ngati mukufuna kugwiritsa ntchito maudindo apakompyuta. Kuti muyike Desktop Client, onani Cisco Secure Network Analytics System Configuration Guide yomwe ikugwirizana ndi mtundu wanu wa Secure Network Analytics.

-6-

Maudindo Ogwiritsa Athaview
Maudindo Ogwiritsa Athaview
Bukhuli lili ndi malangizo okonzekera owerenga anu a TACACS+ kuti atsimikizidwe akutali ndi kuvomereza. Musanayambe kasinthidwe, review zambiri zomwe zili mugawoli kuti muwonetsetse kuti mukukonza owerenga anu molondola.
Kukonza Maina Ogwiritsa
Kuti mutsimikizire zakutali ndi chilolezo, mutha kusintha ogwiritsa ntchito anu mu ISE. Kuti mutsimikizire kwanuko ndi chilolezo, konzani ogwiritsa ntchito anu mu Manager.
l Kutali: Kuti musinthe ogwiritsa ntchito anu mu ISE, tsatirani malangizo omwe ali mu kalozerayu.
l Zam'deralo: Kuti mukonzekere ogwiritsa ntchito kwanuko kokha, lowani kwa Manager. Kuchokera pamndandanda waukulu, sankhani Konzani> Global> User Management. Sankhani Thandizo kuti mupeze malangizo.
Mayina Osamva Zokhudza Nkhani
Mukakonza ogwiritsa ntchito akutali, yambitsani kukhudzidwa kwa vuto pa seva yakutali. Ngati simukuloleza kukhudzidwa kwa vuto pa seva yakutali, ogwiritsa ntchito sangathe kupeza deta yawo akalowa mu Secure Network Analytics.
Mayina Obwereza Obwereza
Kaya mumakonza mayina a ogwiritsa ntchito kutali (mu ISE) kapena kwanuko (mu Manager), onetsetsani kuti mayina onse ndi apadera. Sitikulimbikitsa kubwereza mayina a ogwiritsa ntchito pa maseva akutali ndi Secure Network Analytics.
Ngati wogwiritsa ntchito alowa kwa Woyang'anira, ndipo ali ndi dzina lomwelo lomwe lakonzedwa mu Secure Network Analytics ndi ISE, amangopeza data ya Manager / Safe Network Analytics. Sangathe kupeza data yawo yakutali ya TACACS+ ngati dzina lawo lachibwereza libwerezedwa.
Mabaibulo Akale
Ngati mudakonza TACACS+ mu mtundu wakale wa Cisco Secure Network Analytics (Stealthwatch v7.1.1 ndi koyambirira), onetsetsani kuti mwapanga ogwiritsa ntchito atsopano okhala ndi mayina apadera a v7.1.2 ndi mtsogolo. Sitikulimbikitsa kugwiritsa ntchito kapena kubwereza mayina a ogwiritsa ntchito kuchokera kumitundu yakale ya Secure Network Analytics.
Kuti mupitilize kugwiritsa ntchito mayina a ogwiritsa ntchito omwe adapangidwa mu v7.1.1 ndi m'mbuyomu, tikupangira kuti muwasinthe kuti akhale am'deralo pokha mu Manager wanu wamkulu ndi Wogwiritsa Ntchito Pakompyuta. Onani Thandizo kuti mupeze malangizo.

-7-

Maudindo Ogwiritsa Athaview

Kukonza Magulu Odziwika ndi Ogwiritsa Ntchito
Kuti mulowetse wovomerezeka, mupanga mapu a shell profiles kwa ogwiritsa ntchito anu. Kwa aliyense chipolopolo ovomerezafile, mutha kugawa gawo la Utsogoleri Woyambira kapena kupanga kuphatikiza kwa maudindo omwe si a admin. Ngati mupereka udindo Woyang'anira Woyambira kwa katswiri wa zipolopolofile, palibe maudindo owonjezera omwe amaloledwa. Ngati mupanga kuphatikiza kwa maudindo omwe si a admin, onetsetsani kuti akukwaniritsa zofunikira.
Udindo Woyambirira wa Admin
Admin woyamba akhoza view magwiridwe antchito ndikusintha chilichonse. Ngati mupereka udindo Woyang'anira Woyambira kwa katswiri wa zipolopolofile, palibe maudindo owonjezera omwe amaloledwa.

Udindo Primary Admin

Attribute Value cisco-stealthwatch-master-admin

Kuphatikiza Maudindo Osakhala Oyang'anira
Ngati mupanga kuphatikiza kwa maudindo omwe si a admin pa chipolopolo chanufile, onetsetsani kuti ili ndi izi:
l 1 Ntchito ya data (yokha) l 1 kapena kupitilira apo Web udindo l 1 kapena kupitilira apo gawo la Makasitomala apakompyuta
Kuti mudziwe zambiri, yang'anani pa tebulo la Attribute Values.
Ngati mupereka udindo Woyang'anira Woyambira kwa katswiri wa zipolopolofile, palibe maudindo owonjezera omwe amaloledwa. Ngati mupanga kuphatikiza kwa maudindo omwe si a admin, onetsetsani kuti akukwaniritsa zofunikira.

-8-

Maudindo Ogwiritsa Athaview

Makhalidwe Abwino
Kuti mudziwe zambiri za gawo lililonse, dinani ulalo womwe uli mugawo la Maudindo Ofunikira.

Maudindo Ofunika 1 Udindo wa data (okha)
1 kapena kuposa Web udindo
1 kapena kupitilirapo gawo la Makasitomala apakompyuta

Khalidwe la Mtengo
l cisco-stealthwatch-data-read-and-lete l cisco-stealthwatch-data-read-only
l cisco-stealthwatch-configuration-manager l cisco-stealthwatch-power-analyst l cisco-stealthwatch-analyst
l cisco-stealthwatch-desktop-stealthwatch-power-user l cisco-stealthwatch-desktop-configuration-manager l cisco-stealthwatch-desktop-network-engineer l cisco-stealthwatch-desktop-security-analyst

Chidule cha Maudindo
Tapereka chidule cha gawo lililonse muzolemba zotsatirazi. Kuti mumve zambiri za maudindo a ogwiritsa ntchito mu Secure Network Analytics, review tsamba la User Management mu Help.
Maudindo a Data
Onetsetsani kuti mwasankha gawo limodzi lokha la data.

Ntchito ya Data

Zilolezo

Zonse (Zowerenga Zokha)

Wogwiritsa akhoza view deta mu domeni iliyonse kapena gulu la alendo, kapena pa chipangizo chilichonse kapena chipangizo, koma sangathe kupanga masinthidwe aliwonse.

Zonse (Werengani & Lembani)

Wogwiritsa akhoza view ndi konzani deta mu domeni iliyonse kapena gulu la alendo, kapena pa chipangizo chilichonse kapena chipangizo chilichonse.

Ntchito yeniyeni (kufufuza koyenda, kasamalidwe ka ndondomeko, magulu a maukonde, ndi zina zotero) zomwe wogwiritsa ntchito angathe view ndi/kapena kusintha kumatsimikiziridwa ndi wogwiritsa ntchito web udindo.

-9-

Maudindo Ogwiritsa Athaview

Web Maudindo

Web Udindo

Zilolezo

Mphamvu Analyst

Power Analyst akhoza kuchita kafukufuku woyamba wa magalimoto ndi kuyenda komanso kukonza ndondomeko ndi magulu omwe akukhala nawo.

Configuration Manager

Configuration Manager akhoza view magwiridwe antchito okhudzana ndi kasinthidwe.

Katswiri

Analyst akhoza kuchita kafukufuku woyamba wa magalimoto ndi kuyenda.

Maudindo a Makasitomala a Pakompyuta

Web Udindo

Zilolezo

Configuration Manager

Configuration Manager akhoza view zinthu zonse menyu ndi konzani zipangizo zonse, zipangizo, ndi madomeni zoikamo.

Network Engineer

Network Engineer akhoza view zinthu zonse zokhudzana ndi kuchuluka kwa magalimoto mu Desktop Client, onjezerani ma alarm ndi zolemba zochititsa, ndikuchita zonse zochenjeza, kupatula kuchepetsa.

Security Analyst

The Security Analyst akhoza view zinthu zonse za menyu zokhudzana ndi chitetezo, onjezerani alamu ndi zolemba zochititsa, ndikuchita zochitika zonse za alamu, kuphatikizapo kuchepetsa.

Chitetezo cha Network Analytics Power User

The Secure Network Analytics Power User angathe view zinthu zonse za menyu, vomerezani ma alarm, ndikuyika ma alarm ndi zolemba zochititsa, koma osatha kusintha chilichonse.

- 10 -

Njira Yathaview
Njira Yathaview
Mutha kukonza Cisco ISE kuti ipereke TACACS +. Kuti mukonzekere bwino zoikamo za TACACS+ ndikuvomereza TACACS+ mu Secure Network Analytics, onetsetsani kuti mwamaliza izi:
1. Konzani TACACS+ mu ISE 2. Yambitsirani TACACS+ Authorization mu Secure Network Analytics 3. Yesani TACACS+ Kulowera kwa Ogwiritsa

- 11 -

1. Konzani TACACS+ mu ISE
1. Konzani TACACS+ mu ISE
Gwiritsani ntchito malangizo awa kuti mukonze TACACS+ pa ISE. Kukonzekera uku kumathandizira ogwiritsa ntchito akutali a TACACS+ pa ISE kuti alowe mu Secure Network Analytics.
Musanayambe
Musanayambe malangizowa, ikani ndikusintha ISE pogwiritsa ntchito malangizo omwe ali muzolemba za ISE za injini yanu. Izi zikuphatikizapo kuonetsetsa kuti ziphaso zanu zakhazikitsidwa bwino.
Mayina Ogwiritsa Ntchito
Kaya mumakonza mayina a ogwiritsa ntchito kutali (mu ISE) kapena kwanuko (mu Manager), onetsetsani kuti mayina onse ndi apadera. Sitikulimbikitsa kubwereza mayina a ogwiritsa ntchito pa maseva akutali ndi Secure Network Analytics.
Maina Obwereza Obwereza: Ngati wogwiritsa ntchito alowa kwa Woyang'anira, ndipo ali ndi dzina lomwelo lomwe lakonzedwa mu Secure Network Analytics ndi ISE, amangopeza data ya Manager/Secure Network Analytics. Sangathe kupeza data yawo yakutali ya TACACS+ ngati dzina lawo lachibwereza libwerezedwa.
Mayina Ogwiritsa Ntchito Mlandu: Mukakonza ogwiritsa ntchito akutali, yambitsani kukhudzidwa kwa vuto pa seva yakutali. Ngati simukuloleza kukhudzidwa kwa vuto pa seva yakutali, ogwiritsa ntchito sangathe kupeza deta yawo akalowa mu Secure Network Analytics.
Maudindo Ogwiritsa Ntchito
Pa TACACS+ profile mu ISE, mutha kugawa gawo la Administrator kapena kupanga kuphatikiza kwa maudindo omwe si a admin.
Ngati mupereka udindo Woyang'anira Woyambira kwa katswiri wa zipolopolofile, palibe maudindo owonjezera omwe amaloledwa. Ngati mupanga kuphatikiza kwa maudindo omwe si a admin, onetsetsani kuti akukwaniritsa zofunikira. Kuti mudziwe zambiri za maudindo a ogwiritsa ntchito, onani za User Roles Overview.
1. Yambitsani Kuwongolera kwa Chipangizo mu ISE
Gwiritsani ntchito malangizo awa kuti muwonjezere ntchito ya TACACS+ ku ISE.
1. Lowani mu ISE yanu ngati admin. 2. Sankhani Malo Ogwirira Ntchito > Kuwongolera Chipangizo > Kupitiliraview.

- 12 -

1. Konzani TACACS+ mu ISE
Ngati Chipangizo Choyang'anira Chida sichikuwonetsedwa mu Malo Ogwirira Ntchito, pitani ku Administration> System> Licensing. Mugawo la Licensing, tsimikizirani kuti Chilolezo Choyang'anira Chipangizo chawonetsedwa. Ngati sichiwonetsedwa, onjezani laisensi ku akaunti yanu. 3. Sankhani Kutumiza.
4. Sankhani Ma Node Onse Othandizira Ndondomeko kapena Ma Node enieni. 5. Mugawo la TACACS Madoko, lowetsani 49.

6. Dinani Sungani.
2. Pangani TACACS+ Profiles
Gwiritsani ntchito malangizo otsatirawa kuti muwonjezere TACACS+ shell profiles ku ISE. Mugwiritsanso ntchito malangizowa kuti mugawire maudindo ofunikira kwa pro shellfile.
1. Sankhani Malo Ogwirira Ntchito > Kuwongolera Chipangizo > Zida Zadongosolo. 2. Sankhani Zotsatira > TACACS Profiles. 3. Dinani Add. 4. M'munda wa Dzina, lowetsani dzina lapadera.
Kuti mumve zambiri za mayina a ogwiritsa ntchito onani Maudindo Ogwiritsa Ntchito Othaview.

- 13 -

1. Konzani TACACS+ mu ISE
5. Pakutsika pansi kwa Common Task Type, sankhani Shell. 6. Mugawo la Custom Attributes, dinani Add. 7. Mu Mtundu kumunda, sankhani Zoyenera. 8. M'munda wa Dzina, lowetsani udindo. 9. M'munda wa Value, lowetsani mtengo wamtengo wapatali wa Primary Admin kapena kumanga kuphatikiza
za maudindo omwe si a admin. l Sungani: Dinani Chongani chithunzi kuti musunge gawolo. l Kuphatikiza Maudindo Osakhala Oyang'anira: Ngati mupanga kuphatikiza kwa maudindo osayang'anira, bwerezani masitepe 5 mpaka 8 mpaka muwonjeze mzere pa gawo lililonse lofunikira (Dyoto la data, Web udindo, ndi gawo la Makasitomala apakompyuta).

- 14 -

1. Konzani TACACS+ mu ISE

Udindo Woyambirira wa Admin
Admin woyamba akhoza view magwiridwe antchito ndikusintha chilichonse. Ngati mupereka udindo Woyang'anira Woyambira kwa katswiri wa zipolopolofile, palibe maudindo owonjezera omwe amaloledwa.

Udindo Primary Admin

Attribute Value cisco-stealthwatch-master-admin

Kuphatikiza Maudindo Osakhala Oyang'anira
Ngati mupanga kuphatikiza kwa maudindo omwe si a admin pa chipolopolo chanufile, onetsetsani kuti ili ndi izi:
l 1 Ntchito ya data (yokha): onetsetsani kuti mwasankha gawo limodzi lokha la data L 1 kapena kuposa Web udindo l 1 kapena kupitilira apo gawo la Makasitomala apakompyuta

Maudindo Ofunika 1 Udindo wa data (okha)
1 kapena kuposa Web udindo
1 kapena kupitilirapo gawo la Makasitomala apakompyuta

Ngati mupereka udindo Woyang'anira Woyambira kwa katswiri wa zipolopolofile, palibe maudindo owonjezera omwe amaloledwa. Ngati mupanga kuphatikiza kwa maudindo omwe si a admin, onetsetsani kuti akukwaniritsa zofunikira.
10. Dinani Sungani. 11. Bwerezani masitepe mu 2. Pangani TACACS + Profiles kuwonjezera zina za TACACS+
chipolopolo profiles ku ISE.

- 15 -

1. Konzani TACACS+ mu ISE
Musanapitirire ku 3. Map Shell Profiles ku Magulu kapena Ogwiritsa, muyenera kupanga Ogwiritsa, Gulu Lozindikiritsa Ogwiritsa (ngati mukufuna), ndi ma TACACS + ma seti amalamulo. Kuti mupeze malangizo amomwe mungapangire Ma Users, User Identity Group, ndi TACACS+ command sets, onetsani zolembedwa za ISE za injini yanu.
3. Map Shell Profiles kwa Magulu kapena Ogwiritsa Ntchito
Gwiritsani ntchito malangizo otsatirawa kuti mupange mapu a shell yanufiles ku malamulo anu ovomerezeka.
1. Sankhani Malo Ogwirira Ntchito > Kuwongolera Chipangizo > Mapangidwe a Mapulani a Chipangizo. 2. Pezani dzina lanu lachikhazikitso. Dinani chizindikiro cha Arrow. 3. Pezani ndondomeko yanu yololeza. Dinani chizindikiro cha Arrow. 4. Dinani chizindikiro cha + Plus.

5. M'munda wa Zinthu, dinani chizindikiro cha + Plus. Konzani zikhalidwe zamalamulo.
l Gulu Lozindikiritsa Wogwiritsa Ntchito: Ngati mwakonza gulu lodziwika bwino, mutha kupanga zinthu monga "InternalUser.IdentityGroup".
Za example, “InternalUser.IdentityGroup EQUALS ” kuti mufanane ndi gulu linalake lodziwikiratu.
l Wogwiritsa Ntchito Payekha: Ngati mwakonza munthu aliyense payekha, mukhoza kupanga chikhalidwe monga "InternalUser.Name".
Za example, "InternalUser.Name EQUALS ” kuti agwirizane ndi wogwiritsa ntchito.

- 16 -

1. Konzani TACACS+ mu ISE
Thandizo: Kuti mupeze malangizo a Conditions Studio, dinani ? Chizindikiro chothandizira.
6. Mu Shell Profiles, sankhani chipolopolo cha profile mudapanga mu 2. Pangani TACACS+ Profiles.
7. Bwerezani masitepe mu 3. Map Shell Profiles ku Magulu kapena Ogwiritsa ntchito mpaka mutapanga mapu onse a chipolopolofiles ku malamulo anu ovomerezeka.

- 17 -

1. Konzani TACACS+ mu ISE
4. Onjezani Secure Network Analytics ngati Network Device
1. Sankhani Administration > Network Resources > Network Devices. 2. Sankhani Network Devices, dinani + Add. 3. Malizitsani zambiri za Woyang'anira wanu wamkulu, kuphatikiza magawo awa:
l Dzina: Lowetsani dzina la Woyang'anira wanu. l Adilesi ya IP: Lowetsani adilesi ya IP Manager. l Chinsinsi Chogawana: Lowetsani chinsinsi chogawana nawo. 4. Dinani Sungani. 5. Tsimikizirani kuti chipangizochi chasungidwa ku Network Devices mndandanda.
6. Pitani ku 2. Yambitsani chilolezo cha TACACS+ mu Secure Network Analytics.

- 18 -

2. Yambitsani chilolezo cha TACACS+ mu Secure Network Analytics

2. Yambitsani chilolezo cha TACACS+ mu Secure Network Analytics
Gwiritsani ntchito malangizo otsatirawa kuti muwonjezere seva ya TACACS+ ku Secure Network Analytics ndikupatsanso chilolezo chakutali.
Ndi Woyang'anira Woyambirira yekha yemwe angawonjezere seva ya TACACS+ ku Secure Network Analytics.

Mutha kuwonjezera seva imodzi yokha ya TACACS+ ku ntchito yotsimikizira ya TACACS+.
1. Lowani kwa Woyang'anira wanu wamkulu. 2. Kuchokera pamndandanda waukulu, sankhani Konzani> Global> User Management. 3. Dinani kutsimikizira ndi kuvomereza tabu. 4. Dinani Pangani. Sankhani Service Authentication. 5. Dinani kutsika pansi Service Authentication. Sankhani TACACS+. 6. Malizitsani magawowa:

Kufotokozera kwa Dzina la Utumiki Wotsimikizira Malo
Cache Timeout (Mphindikati)
Mawu Oyamba

Zolemba
Lowetsani dzina lapadera kuti muzindikire seva.
Lowetsani malongosoledwe omwe amafotokoza momwe seva ikugwiritsidwira ntchito kapena chifukwa chake.
Kuchuluka kwa nthawi (mu masekondi) kuti dzina la wosuta kapena mawu achinsinsi amaonedwa kuti ndi ovomerezeka pamaso pa Secure Network Analytics amafuna kulowetsanso zambiri.
Gawoli ndilosankha. Chingwe choyambirira chimayikidwa kumayambiriro kwa dzina la osuta pamene dzinalo litumizidwa ku seva ya RADIUS kapena TACACS +. Za example, ngati dzina lake ndi zoe ndipo malo oyamba ali DOMAIN-

- 19 -

Suffix
Server IP Address Port Key Key

2. Yambitsani chilolezo cha TACACS+ mu Secure Network Analytics
A, dzina la ogwiritsa DOMAIN-Azoe limatumizidwa ku seva. Ngati simukonza gawo la Prefix, dzina la ogwiritsa ntchito ndi lomwe limatumizidwa ku seva.
Gawoli ndilosankha. Chingwe chakumapeto chimayikidwa kumapeto kwa dzina la ogwiritsa ntchito. Za example, ngati suffix ndi @mydomain.com, dzina lolowera zoe@mydomain.com limatumizidwa ku seva ya TACACS+. Ngati simukonza gawo la Suffix, dzina la ogwiritsa ntchito ndi lomwe limatumizidwa ku seva.
Gwiritsani ntchito ma adilesi a IPv4 kapena IPv6 pokonza mautumiki otsimikizira.
Lowetsani manambala aliwonse kuyambira 0 mpaka 65535 omwe amagwirizana ndi doko lomwe likugwira ntchito.
Lowetsani kiyi yachinsinsi yomwe idakonzedwera seva yoyenera.

7. Dinani Sungani. Seva yatsopano ya TACACS + yawonjezedwa, ndi chidziwitso cha seva.
8. Dinani menyu ya Actions pa seva ya TACACS+. 9. Sankhani Yambitsani Chilolezo Chakutali kuchokera pa menyu yotsitsa. 10. Tsatirani zomwe zili pazenera kuti mutsegule TACACS+.

- 20 -

3. Yesani Kutalikirana kwa TACACS + User Login
3. Yesani Kutalikirana kwa TACACS + User Login
Gwiritsani ntchito malangizo otsatirawa kuti mulowe ku Manager. Kuti mupeze chilolezo chakutali cha TACACS+, onetsetsani kuti ogwiritsa ntchito onse alowa kudzera pa Manager.
Kuti mulowe ku chipangizochi mwachindunji ndikugwiritsa ntchito Appliance Administration, lowani kwanuko. 1. M'gawo la adilesi ya msakatuli wanu, lembani izi:
https:// followed by the IP address of your Manager.
2. Lowetsani dzina la wogwiritsa ntchito ndi mawu achinsinsi a wosuta wakutali wa TACACS+. 3. Dinani Lowani.
Ngati wosuta sangathe kulowa kwa Manager, review gawo la Kuthetsa Mavuto.

- 21 -

Kusaka zolakwika

Kusaka zolakwika
Mukakumana ndi zina mwazovutazi, funsani woyang'anira wanu kuti akonzensoview kasinthidwe ndi mayankho omwe tapereka apa. Ngati woyang'anira wanu sangathe kuthetsa vutoli, chonde lemberani Cisco Support.
Zochitika

Zochitika Wogwiritsa ntchito wa TACACS+ sangalowe
Ogwiritsa ntchito onse a TACACS+ sangathe kulowa

Zolemba
l Review Audit Log ya kulephera kulowa kwa ogwiritsa ntchito ndi Mapu Osavomerezeka kapena Kuphatikiza Maudindo Osavomerezeka. Izi zitha kuchitika ngati identity group shell profile zikuphatikizapo Woyang'anira Woyamba ndi maudindo owonjezera, kapena ngati kuphatikiza kwa maudindo omwe si a admin sikukwaniritsa zofunikira. Onani Maudindo Ogwiritsa Ntchito Athaview zatsatanetsatane.
l Onetsetsani kuti dzina la osuta la TACACS+ silofanana ndi dzina la m'deralo (Secure Network Analytics). Onani Maudindo Ogwiritsa Ntchito Athaview zatsatanetsatane.
l Onani masinthidwe a TACACS + mu Secure Network Analytics.
l Onani masinthidwe pa seva ya TACACS+.
l Onetsetsani kuti seva ya TACACS+ ikugwira ntchito. l Onetsetsani kuti ntchito ya TACACS+ ndiyoyatsidwa
Secure Network Analytics: l Pakhoza kukhala ma seva ovomerezeka angapo otanthauziridwa, koma imodzi yokha ndi yomwe ingaloledwe kuvomerezedwa. Onani ku 2.
Yambitsani chilolezo cha TACACS+ mu Secure Network Analytics kuti mumve zambiri. l Kuti mulole chilolezo cha seva inayake ya TACACS+, onani 2. Yambitsani
Kuvomerezeka kwa TACACS+ mu Secure Network Analytics kuti mumve zambiri.

- 22 -

Kusaka zolakwika

Wogwiritsa ntchito akalowa, amatha kupeza Manejala kwanuko

Ngati wogwiritsa ali ndi dzina lomwelo mu Secure Network Analytics (yapafupi) ndi seva ya TACACS+ (yakutali), kulowa kwanuko kumaposa kulowa kwakutali. Onani Maudindo Ogwiritsa Ntchito Athaview zatsatanetsatane.

- 23 -

Kulumikizana ndi Thandizo
Kulumikizana ndi Thandizo
Ngati mukufuna thandizo laukadaulo, chonde chitani chimodzi mwa izi: l Lumikizanani ndi Cisco Partner yanu l Lumikizanani ndi Cisco Support l Kuti mutsegule mlandu ndi web: http://www.cisco.com/c/en/us/support/index.html l Pothandizira foni: 1-800-553-2447 (US) l Kwa manambala othandizira padziko lonse lapansi: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

- 24 -

Sinthani Mbiri

Document Version 1_0

Lofalitsidwa pa Ogasiti 21, 2025

Sinthani Mbiri
Kufotokozera Mtundu woyambirira.

- 25 -

Zambiri Zaumwini
Cisco ndi logo ya Cisco ndi zizindikilo zamalonda kapena zizindikilo zolembetsedwa za Cisco ndi/kapena mabungwe omwe ali nawo ku US ndi mayiko ena. Ku view mndandanda wazizindikiro za Cisco, pitani ku izi URL: https://www.cisco.com/go/trademarks. Zizindikiro za chipani chachitatu zomwe zatchulidwa ndi za eni ake. Kugwiritsiridwa ntchito kwa mawu oti wokondedwa sikutanthawuza mgwirizano wa mgwirizano pakati pa Cisco ndi kampani ina iliyonse. (1721R)
© 2025 Cisco Systems, Inc. ndi/kapena othandizana nawo. Maumwini onse ndi otetezedwa.

Zolemba / Zothandizira

Cisco TACACS + Secure Network Analytics [pdf] Buku Logwiritsa Ntchito
7.5.3, TACACS Secure Network Analytics, TACACS, Secure Network Analytics, Network Analytics, Analytics

Maumboni

Buku Logwiritsa Ntchito

Cisco TACACS + Secure Network Analytics User Guide

TACACS + Secure Network Analytics

Zofotokozera

Zambiri Zamalonda

Malangizo Ogwiritsira Ntchito Zogulitsa

Mawu Oyamba

Omvera

Terminology

Kugwirizana

Kuwongolera Mayankho

Kulephera

FAQ

Q: Kodi TACACS+ ingagwiritsidwe ntchito ndi Compliance Mode yayatsidwa?

Zolemba / Zothandizira

Maumboni

Siyani ndemanga

Letsani yankho