Cisco TACACS + Secure Network Analytics User Guide

O le Cisco Secure Network Analytics, e lauiloa foi o Stealthwatch,
fa'aogaina le Terminal Access Controller Access-Control System
(TACACS+) protocol mo le fa'amaoni ma le fa'atagaina auaunaga.
E mafai ai e tagata faʻaoga ona maua le tele o talosaga ma se seti se tasi
o fa'ailoga.

Fa'atonuga o le Fa'aaogaina o Mea

Folasaga

Ina ia fetuunai TACACS + mo Cisco Secure Network Analytics, mulimuli
laasaga o loʻo otooto atu i lenei taʻiala.

Tagata fa'alogo

O lenei ta'iala ua fa'amoemoe mo fa'atonu feso'ota'iga ma tagata faigaluega
e nafa ma le faʻapipiʻiina ma le faʻatulagaina o Suʻesuʻega o Fesoʻotaiga Saogalemu
oloa. Mo faʻapipiʻi faʻapitoa, faʻafesoʻotaʻi se Cisco i le lotoifale
Pa'aga po'o Cisco Lagolago.

Fa'aupuga

O le taʻiala e faʻatatau i le oloa o se meafaigaluega, e aofia ai
oloa fa'apitoa e pei ole Cisco Secure Network Analytics Flow
Fa'amatalaga Fa'atekonolosi. O fa'apotopotoga o vaega o masini e pulea
e le Cisco Secure Network Analytics Manager.

Fegalegaleaiga

Ia mautinoa o loʻo faʻaoga uma tagata faʻaoga e ala i le Pule mo TACACS +
fa'amaoni ma fa'atagaina. O nisi vaega e pei o FIPS ma
E le maua le Tulaga Tausiusi pe a fa'agaoioi le TACACS+.

Puleaina o Tali

Fa'atonu le Pulega Tali ile Pule e maua ai imeli
fa'aaliga, lipoti, ma isi. E tatau ona fa'atulagaina tagata fa'aoga e avea ma tagata fa'apitonu'u i luga
le Pule mo lenei vaega.

Faivale

A faʻaaogaina Pule i se paga failover, ia maitauina o le TACACS + o
na'o avanoa ile Pule muamua. Pe a configured i le tulaga muamua
Pule, TACACS + e le lagolagoina i le Pule lua. Fa'alauiloa
le Pule lua i le tulaga muamua e fa'aoga fa'amaoniga mai fafo
auaunaga i luga.

FAQ

F: E mafai ona fa'aoga le TACACS+ i le Fa'atulafonoina o le Fa'atonu?

A: Leai, TACACS + faʻamaonia ma faʻatagaina e le lagolagoina
Tulaga Tausi. Ia fa'amautinoa ua fa'aletonu le Faiga Tausisi pe a fa'aaoga
TACACS+.

“`

View Fullscreen

Cisco Secure Network Analytics
TACACS+ Taiala Fa'atonu 7.5.3

Lisi o Mataupu

Folasaga

Tagata fa'alogo

Fa'aupuga

Fegalegaleaiga

Puleaina o Tali

Faivale

Sauniuniga

Matafaioi a le Tagata Faaaogaview

Fa'atonu Igoa o Tagata Fa'aoga

Igoa Tagata Fa'aoga Mata'utia

Fa'alua Igoa Fa'aoga

Muamua Versions

Fa'atulagaina o Vaega Fa'asinomaga ma Tagata Fa'aoga

Matafaioi Pule Muamua

Tuufaatasiga o Matafaioi e le o ni Pule

Uiga Taua

Aotelega Matafaioi

Matafaioi Faamatalaga

Web Matafaioi

Matafaioi Client Desktop

Fa'agasologa Fa'aumaview

1. Fa'atulaga TACACS+ ile ISE

Ae e te le'i Amata

Igoa Fa'aoga

Matafaioi a tagata faaaoga

1. Fa'afeso'ota'i le Fa'atonu Fa'atonu ile ISE

2. Fausia TACACS + Profiles

Matafaioi Pule Muamua

-2-

Tuufaatasiga o Matafaioi e le o ni Pule

3. Map Shell Profiles i Vaega po'o Tagata Fa'aoga

4. Fa'aopoopo Su'esu'ega o Feso'ota'iga Saogalemu e pei o se masini feso'ota'iga

2. Fa'agaoioi le TACACS+ Fa'atagaga ile Secure Network Analytics

3. Su'e mamao TACACS + User Login

Fa'afitauli

Fa'aaliga

Fa'afeso'ota'i le Lagolago

Suiga Tala'aga

-3-

Folasaga
Folasaga
Terminal Access Controller Access-Control System (TACACS+) ose fa'atonuga e lagolagoina le fa'amaoni ma le fa'atagaina auaunaga ma fa'ataga ai se tagata fa'aoga e fa'aoga le tele o talosaga ma se seti o fa'amaoniga. Fa'aaoga faatonuga nei e fa'atulaga ai le TACACS+ mo Cisco Secure Network Analytics (muamua Stealthwatch).
Tagata fa'alogo
O le au fa'amoemoe mo lenei ta'iala e aofia ai pule o feso'otaiga ma isi tagata faigaluega o lo'o nafa ma le fa'apipi'iina ma le fa'atulagaina o oloa Secure Network Analytics.
Afai e te manaʻo e galue ma se faʻapipiʻi faʻapolofesa, faʻamolemole faʻafesoʻotaʻi lau Cisco Partner i le lotoifale pe faʻafesoʻotaʻi Cisco Support.
Fa'aupuga
O lenei taʻiala e faʻaaogaina le faaupuga "mea faigaluega" mo soʻo se oloa Secure Network Analytics, e aofia ai oloa faʻapitoa e pei o le Cisco Secure Network Analytics Flow Sensor Virtual Edition.
O le "fa'a'upu'u" o lau vaega o mea faigaluega Su'e Network Analytics o lo'o pulea e le Cisco Secure Network Analytics Manager (muamua Stealthwatch Management Console po'o SMC).
I le v7.4.0 na matou toe fa'aigoaina a matou oloa Cisco Stealthwatch Enterprise i Cisco Secure Network Analytics. Mo se lisi atoa, tagai i le Fa'amatalaga Fa'amatalaga. I totonu o lenei taʻiala, o le a e vaʻaia ai le matou igoa muamua o oloa, Stealthwatch, faʻaaogaina i soʻo se taimi e manaʻomia ai e faʻamautinoa ai le manino, faʻapea foʻi ma faʻamatalaga e pei o le Stealthwatch Management Console ma le SMC.

-4-

Folasaga
Fegalegaleaiga
Mo le TACACS + faʻamaonia ma le faʻatagaina, ia mautinoa o loʻo faʻaoga uma tagata faʻaoga e ala i le Pule. Ina ia saini sa'o i se masini ma fa'aoga le Appliance Administration, saini i totonu i le lotoifale.
O vaega nei e le o maua pe a fa'agaoioi le TACACS+: FIPS, Faiga Tausi.
Puleaina o Tali
Fa'atonu le Pulega o Tali i lau Pule. Ina ia maua faʻamatalaga imeli, faʻatulagaina lipoti, ma isi mea ia mautinoa o le tagata faʻaoga o loʻo faʻatulagaina o se tagata faʻaoga i le lotoifale i le Pule. Alu i le Configure > Detection > Response Management, ma tagai i le Fesoasoani mo faatonuga.
Faivale
Fa'amolemole maitau fa'amatalaga nei pe afai na e fa'atulagaina au Pule e fai ma ta'iga failover:
l TACACS+ e na'o le Pule muamua e maua. E le lagolagoina le TACACS+ ile Pule lua.
l Afai o le TACACS + e faʻapipiʻi i luga o le Pule muamua, o le TACACS + faʻamatalaga tagata e le o maua i le Pule lua. Ae e te le'i fa'aogaina au'aunaga fa'amaonia mai fafo i luga ole Pule lua, e tatau ona e fa'alauiloa le Pule lua ile tulaga muamua.
l Afai e te siitia le Pule lona lua ile tulaga muamua:
l Fa'aagaoi le TACACS+ ma le fa'atagaina mamao ile Pule lua. l So'o se tagata fa'aoga i fafo e saini i totonu o le Pule muamua ua fa'ate'aina o le a fa'amauina
i fafo. l E le taofia e le Pule lona lua fa'amaumauga mai le Pule muamua,
so'o se fa'amaumauga o lo'o fa'asaoina ile Pule muamua e le maua ile Pule fou (fa'alauiloa). l O le taimi lava e saini ai le tagata fa'aoga mamao i le Pule muamua fou mo le taimi muamua, o le a faia le fa'atonuga o tagata fa'aoga ma fa'asaoina fa'amaumauga agai i luma.
l Review Failover Fa'atonuga: Mo nisi fa'amatalaga, tagai ile Failover Configuration Guide.

-5-

Sauniuniga

Sauniuniga
E mafai ona e fa'atulagaina TACACS + ile Cisco Identity Services Engine (ISE).
Matou te fautuaina le faʻaaogaina o Cisco Identity Services Engine (ISE) mo le faʻamaonia ma le faʻatagaina. Ae ui i lea, e mafai foi ona e faʻapipiʻiina se server TACACS + tuʻutasi pe tuʻufaʻatasia soʻo se isi faʻaumau faʻamaonia talafeagai e tusa ai ma ou manaʻoga patino.
Ia mautinoa o loʻo ia te oe mea uma e te manaʻomia e amata ai le faʻatulagaina.

Manaoga Cisco Identity Services Engine (ISE) TACACS + Server Desktop Client

Fa'amatalaga
Faʻapipiʻi ma faʻapipiʻi le ISE e faʻaaoga ai faʻatonuga i le ISE pepa mo lau afi.
E te mana'omia le tuatusi IP, taulaga, ma fa'asoa fa'alilolilo ki mo le fa'atulagaina. E te mana'omia fo'i le laisene Fa'atonu Fa'atonu.
E te mana'omia le tuatusi IP, taulaga, ma fa'asoa fa'alilolilo ki mo le fa'atulagaina.
E te fa'aogaina le Desktop Client mo lenei fa'atonuga pe a e mana'o e fa'aoga galuega fa'apitoa i luga ole laiga. Ina ia fa'apipi'i le Client Desktop, tagai ile Cisco Secure Network Analytics System Configuration Guide e fetaui ma lau version Secure Network Analytics.

-6-

Matafaioi a le Tagata Faaaogaview
Matafaioi a le Tagata Faaaogaview
O lenei taʻiala e aofia ai faʻatonuga mo le faʻatulagaina o au TACACS + tagata faʻaoga mo le faʻamaonia mamao ma le faʻatagaina. Ae e te le'i amataina le faatulagaga, toe faiview fa'amatalaga i lenei vaega e fa'amautinoa e sa'o sa'o lou fa'aogaina o au fa'aoga.
Fa'atonu Igoa o Tagata Fa'aoga
Mo le faʻamaoniga mamao ma le faʻatagaina, e mafai ona e faʻatulagaina au tagata faʻaoga ile ISE. Mo faʻamaoniga faʻapitonuʻu ma faʻatagaina, fetuutuunai au tagata faʻaoga i le Pule.
l Mamao: Ina ia fetuutuunai au tagata faʻaoga ile ISE, mulimuli i faʻatonuga i lenei taʻiala faʻatulagaina.
l Fa'alotoifale: Ina ia fa'atulaga au tagata fa'aoga i le lotoifale, saini i totonu i le Pule. Mai le lisi autu, filifili Configure> Global> User Management. Filifili Fesoasoani mo faatonuga.
Igoa Tagata Fa'aoga Mata'utia
A e fetuutuuna'i tagata fa'aoga mamao, fa'agaoioi mata'itusi i luga ole server mamao. Afai e te le fa'atagaina le fa'aogaina o mataupu i luga o le server mamao, e ono le mafai e tagata fa'aoga ona maua a latou fa'amaumauga pe a latou ulufale i totonu o le Secure Network Analytics.
Fa'alua Igoa Fa'aoga
Pe e te fetuutuuna'i igoa o tagata fa'aoga i le mamao (i le ISE) po'o le lotoifale (i le Pule), ia mautinoa o igoa uma o tagata fa'aoga e tulaga ese. Matou te le fautuaina le kopiina o igoa o tagata faaaoga i luga o sapalai mamao ma Secure Network Analytics.
Afai e saini se tagata faʻaoga i le Pule, ma e tutusa lava le igoa o le tagata faʻaoga i totonu o Secure Network Analytics ma ISE, e naʻo latou faʻaogaina faʻamaumauga a le Pule/Secure Network Analytics. E le mafai ona latou maua a latou fa'amaumauga TACACS+ mamao pe a fa'aluaina o latou igoa fa'aoga.
Muamua Versions
Afai na e configured TACACS + i se lomiga muamua o Cisco Secure Network Analytics (Stealthwatch v7.1.1 ma muamua), ia mautinoa e te fatuina tagata fou ma igoa tulaga ese mo v7.1.2 ma mulimuli ane. Matou te le fautuaina le fa'aogaina po'o le fa'aluaina o igoa fa'aoga mai fa'asologa muamua o Secure Network Analytics.
Ina ia fa'aauau le fa'aogaina o igoa fa'aoga na faia i le v7.1.1 ma muamua atu, matou te fautuaina le suia i le lotoifale na'o lau Pule muamua ma le Desktop Client. Va'ai i le Fesoasoani mo faatonuga.

-7-

Matafaioi a le Tagata Faaaogaview

Fa'atulagaina o Vaega Fa'asinomaga ma Tagata Fa'aoga
Mo se saini fa'ataga fa'aoga, e te fa'afanua shell profiles i ou tagata fa'aoga. Mo atigi taitasi profile, e mafai ona e atofa i le Primary Admin role po'o le faia o se tu'ufa'atasiga o galuega e le o se pule. Afai e te tofia le Primary Admin matafaioi i se atigi profile, e leai ni matafaioi faaopoopo e faatagaina. Afai e te fatuina se tu'ufa'atasiga o matafaioi e le o se pule, ia mautinoa e fetaui ma mana'oga.
Matafaioi Pule Muamua
Primary Admin e mafai view galuega uma ma suia soo se mea. Afai e te tofia le Primary Admin matafaioi i se atigi profile, e leai ni matafaioi faaopoopo e faatagaina.

Matafaioi Pule Sili

Uiga Taua cisco-stealthwatch-master-admin

Tuufaatasiga o Matafaioi e le o ni Pule
Afai e te faia se tu'ufa'atasiga o matafaioi e le o se fa'atonu mo lau shell profile, ia mautinoa e aofia ai mea nei:
l 1 Fa'amaumauga (na'o) l 1 pe sili atu Web matafaioi l 1 po'o le sili atu matafaioi a le Client Desktop
Mo fa'amatalaga, va'ai i le laulau o Attribute Values.
Afai e te tofia le Primary Admin matafaioi i se atigi profile, e leai ni matafaioi faaopoopo e faatagaina. Afai e te fatuina se tu'ufa'atasiga o matafaioi e le o se pule, ia mautinoa e fetaui ma mana'oga.

-8-

Matafaioi a le Tagata Faaaogaview

Uiga Taua
Mo nisi fa'amatalaga e uiga i ituaiga o matafaioi ta'itasi, kiliki le so'oga i le koluma Matafaioi Manaomia.

Matafaioi Manaomia 1 Fa'amaumauga (na'o)
1 pe sili atu Web matafaioi
1 pe sili atu le matafaioi a le Client Desktop

Uiga Taua
l cisco-stealthwatch-uma-faamatalaga-faitau-ma-tusi l cisco-stealthwatch-uma-faamatalaga-faitau-na'o
l cisco-stealthwatch-configuration-manager l cisco-stealthwatch-power-analyst l cisco-stealthwatch-su'esu'e
l cisco-stealthwatch-desktop-stealthwatch-power-user l cisco-stealthwatch-desktop-configuration-manager l cisco-stealthwatch-desktop-network-engineer l cisco-stealthwatch-desktop-security-analyst

Aotelega Matafaioi
Ua matou saunia se aotelega o matafaioi ta'itasi i siata nei. Mo nisi fa'amatalaga e uiga i matafaioi a tagata fa'aoga ile Secure Network Analytics, toeview le itulau o le Pulega o Tagata Fa'aoga i Fesoasoani.
Matafaioi Faamatalaga
Ia mautinoa e te filifilia na'o le tasi le matafaioi fa'amaumauga.

Matafaioi Faamatalaga

Fa'atagaga

Fa'amatalaga uma (Na'o Faitau)

E mafai e le tagata fa'aoga view fa'amatalaga i so'o se vaega po'o se vaega talimalo, po'o luga o so'o se masini po'o se masini, ae le mafai ona faia so'o se fa'atonuga.

Fa'amatalaga uma (Faitau ma Tusi)

E mafai e le tagata fa'aoga view ma fetuutuuna'i fa'amaumauga i so'o se vaega po'o se fa'alapotopotoga talimalo, po'o luga o so'o se masini po'o se masini.

Le fa'atinoga fa'apitoa (su'esu'ega tafe, pulega fa'avae, fa'avasegaga o feso'otaiga, ma isi) e mafai e le tagata fa'aoga view ma/po'o le configure e fuafua e le tagata fa'aoga web matafaioi.

-9-

Matafaioi a le Tagata Faaaogaview

Web Matafaioi

Fa'atagaga

Su'esu'e Malosiaga

E mafai e le Pule Su'esu'e ona faia le su'esu'ega muamua i felauaiga ma tafega fa'apea fo'i le fa'atulagaina o faiga fa'avae ma fa'alapotopotoga talimalo.

Pule Fa'atonu

E mafai e le Pule Fa'atonu view galuega fa'atatau ile fa'atulagaina.

Su'esu'e

E mafai e le tagata su'esu'e ona faia le su'esu'ega muamua i femalagaiga ma tafega.

Matafaioi Client Desktop

Web Matafaioi

Fa'atagaga

Pule Fa'atonu

E mafai e le Pule Fa'atonu view mea lisi uma ma fetuutuuna'i mea faigaluega uma, masini, ma fa'alapotopotoga.

Inisinia Network

E mafai e le Network Engineer view mea uma e fa'atatau i ta'avale i totonu o le Desktop Client, fa'apipi'i fa'ailo ma fa'amatalaga fa'afeiloa'i, ma fa'atino uma gaioiga fa'ailo, se'i vagana ai le fa'aitiitia.

Su'esu'e Saogalemu

E mafai e le Su'esu'e Puipuiga view mea uma e feso'ota'i ma le saogalemu, fa'apipi'i fa'ailo ma fa'amatalaga fa'afeiloa'i, ma fa'atino gaioiga fa'ailo uma, e aofia ai le fa'aitiitia.

Saogalemu Network Analytics Power User

E mafai e le Secure Network Analytics Power User view mea lisi uma, fa'ailoa fa'amalo, ma fa'apipi'i fa'ailo ma fa'amatalaga talimalo, ae aunoa ma le malosi e sui ai se mea.

– 10 –

Fa'agasologa Fa'aumaview
Fa'agasologa Fa'aumaview
E mafai ona e faʻatulagaina Cisco ISE e tuʻuina atu TACACS +. Ina ia manuia le faʻatulagaina o TACACS + ma faʻatagaina le TACACS + i le Secure Network Analytics, ia mautinoa e te faʻamaeʻaina faiga nei:
1. Fa'atulaga le TACACS+ i le ISE 2. Fa'agaoioi le TACACS+ Fa'atagaga ile Secure Network Analytics 3. Su'e Mamao TACACS+ User Login

– 11 –

1. Fa'atulaga TACACS+ ile ISE
1. Fa'atulaga TACACS+ ile ISE
Fa'aoga fa'atonuga nei e fa'atulaga ai le TACACS+ ile ISE. O lenei fa'atulagaga e mafai ai e au tagata fa'aoga mamao TACACS+ ile ISE ona fa'aoga i totonu ole Secure Network Analytics.
Ae e te le'i Amata
Ae e te leʻi amataina nei faʻatonuga, faʻapipiʻi ma faʻapipiʻi le ISE e faʻaaoga ai faʻatonuga i le ISE pepa mo lau afi. E aofia ai le fa'amautinoa ua sa'o le fa'atulagaina o au tusi pasi.
Igoa Fa'aoga
Pe e te fetuutuuna'i igoa o tagata fa'aoga i le mamao (i le ISE) po'o le lotoifale (i le Pule), ia mautinoa o igoa uma o tagata fa'aoga e tulaga ese. Matou te le fautuaina le kopiina o igoa o tagata faaaoga i luga o sapalai mamao ma Secure Network Analytics.
Fa'alua Igoa Fa'aoga: Afai e fa'aoga se tagata fa'aoga i le Pule, ma o lo'o i ai le igoa tutusa o lo'o fa'aogaina i totonu o le Secure Network Analytics ma le ISE, e na'o le latou fa'aogaina o fa'amaumauga a le Pule/Secure Network Analytics. E le mafai ona latou maua a latou fa'amaumauga TACACS+ mamao pe a fa'aluaina o latou igoa fa'aoga.
Igoa o Tagata Fa'aoga Mata'utia: A e fa'atulagaina tagata fa'aoga mamao, fa'agaoioi le fa'aogaina o mata'itusi i le server mamao. Afai e te le fa'atagaina le fa'aogaina o mataupu i luga o le server mamao, e ono le mafai e tagata fa'aoga ona maua a latou fa'amaumauga pe a latou ulufale i totonu o le Secure Network Analytics.
Matafaioi a tagata faaaoga
Mo taʻitasi TACACS + profile i le ISE, e mafai ona e tofia le Primary Admin role poʻo le fatuina o se tuʻufaʻatasiga o matafaioi e le o se pule.
Afai e te tofia le Primary Admin matafaioi i se atigi profile, e leai ni matafaioi faaopoopo e faatagaina. Afai e te fatuina se tu'ufa'atasiga o matafaioi e le o se pule, ia mautinoa e fetaui ma mana'oga. Mo nisi fa'amatalaga e uiga i matafaioi a le tagata fa'aoga, tagai ile User Roles Overview.
1. Fa'afeso'ota'i le Fa'atonu Fa'atonu ile ISE
Fa'aaoga faatonuga nei e fa'aopoopo ai le TACACS+ auaunaga ile ISE.
1. Ulufale i lau ISE ose pule. 2. Filifili Nofoaga Autu o Galuega > Pulea Fa'atonu > Ovaview.

– 12 –

1. Fa'atulaga TACACS+ ile ISE
Afai e le o fa'aalia le Fa'atonuga o Meafaigaluega i Nofoaga Autu o Galuega, alu i le Pulega> Fa'atonu> Laisene. I le vaega Laisene, fa'amaonia le Laisene Fa'atonu Fa'atonu o lo'o fa'aalia. Afai e le o faʻaalia, faʻaopoopo le laisene i lau teugatupe. 3. Filifili Fa'atonu.
4. Filifili Nodes Auaunaga Faiga uma po'o Nodes Fa'apitoa. 5. I le fanua TACACS Ports, fa'atumu le 49.

6. Kiliki Save.
2. Fausia TACACS + Profiles
Fa'aaoga faatonuga nei e fa'aopoopo ai le TACACS+ shell profiles ia ISE. O le a e fa'aogaina fo'i nei fa'atonuga e tu'u atu ai matafaioi mana'omia ile shell profile.
1. Filifili Nofoaga Autu o Galuega > Pulea Fa'atonu > Fa'avae Fa'avae. 2. Filifili I'uga > TACACS Profiles. 3. Kiliki Faaopoopo. 4. I le Igoa fanua, ulufale i se igoa fa'aoga tulaga ese.
Mo fa'amatalaga e uiga i igoa fa'aoga fa'asino ile User Roles Overview.

– 13 –

1. Fa'atulaga TACACS+ ile ISE
5. I le fa'alalo-lalo Tuaiga Galuega masani, filifili Shell. 6. I le vaega o Uiga Fa'apitoa, kiliki Fa'aopoopo. 7. I le Ituaiga fanua, filifili Mandatory. 8. I le Igoa fanua, ulufale i le matafaioi. 9. I totonu o le Fa'atauga fanua, ulufale i le uiga taulia mo le Primary Admin pe fausia se tuufaatasiga
o matafaioi e le o se pule. l Faasaoina: Kiliki le Siaki icon e teu ai le matafaioi. l Tu'ufa'atasiga o Matafaioi e le o ni Pule: Afai e te faia se tu'ufa'atasiga o matafaioi e le o se pule, toe fai le Laasaga 5 e o'o i le 8 se'ia e fa'aopoopoina se laina mo matafaioi mana'omia ta'itasi (Fa'amaumauga, Web matafaioi, ma le matafaioi a le Client Desktop).

– 14 –

1. Fa'atulaga TACACS+ ile ISE

Matafaioi Pule Muamua
Primary Admin e mafai view galuega uma ma suia soo se mea. Afai e te tofia le Primary Admin matafaioi i se atigi profile, e leai ni matafaioi faaopoopo e faatagaina.

Matafaioi Pule Sili

Uiga Taua cisco-stealthwatch-master-admin

Tuufaatasiga o Matafaioi e le o ni Pule
Afai e te faia se tu'ufa'atasiga o matafaioi e le o se fa'atonu mo lau shell profile, ia mautinoa e aofia ai mea nei:
l 1 Fa'amaumauga (na'o): ia mautinoa e te filifilia na'o le tasi le matafaioi fa'amaumauga l 1 pe sili atu Web matafaioi l 1 po'o le sili atu matafaioi a le Client Desktop

Matafaioi Manaomia 1 Fa'amaumauga (na'o)
1 pe sili atu Web matafaioi
1 pe sili atu le matafaioi a le Client Desktop

Afai e te tofia le Primary Admin matafaioi i se atigi profile, e leai ni matafaioi faaopoopo e faatagaina. Afai e te fatuina se tu'ufa'atasiga o matafaioi e le o se pule, ia mautinoa e fetaui ma mana'oga.
10. Kiliki Save. 11. Toe fai laasaga i le 2. Fausia TACACS + Profiles e fa'aopoopo so'o se TACACS+ fa'aopoopo
atigi profiles ia ISE.

– 15 –

1. Fa'atulaga TACACS+ ile ISE
Ae e te le'i alu i le 3. Map Shell Profiles i Vaega poʻo Tagata faʻaoga, e te manaʻomia le fatuina o Tagata Faʻaoga, Tagata Faʻamatalaga Faʻamatalaga (filifiliga), ma TACACS + seti poloaiga. Mo fa'atonuga ile fa'atupuina o Tagata Fa'aoga, Vaega Fa'asinomaga Tagata, ma seti TACACS+, fa'asino ile ISE pepa mo lau afi.
3. Map Shell Profiles i Vaega po'o Tagata Fa'aoga
Fa'aaoga faatonuga nei e fa'afanua ai lau atigi profiles i lau fa'atagaga tulafono.
1. Filifili Nofoaga Autu o Galuega > Pulea Fa'atonu > Seti Faiga Fa'avae Fa'atonu. 2. Su'e lou igoa seti o faiga fa'avae. Kiliki le Arrow icon. 3. Su'e lau faiga fa'atagaina. Kiliki le Arrow icon. 4. Kiliki le + Plus icon.

5. I le tulaga fanua, kiliki le + Plus icon. Fa'atulaga aiaiga o faiga fa'avae.
l Vaega Fa'asinomaga Tagata: Afai ua e fa'atulagaina se vaega fa'asinomaga tagata, e mafai ona e faia se tulaga e pei o le "InternalUser.IdentityGroup".
Mo example, “InternalUser.IdentityGroup EQUALS ” e fetaui ma se vaega patino e iloagofie ai tagata e faaaogāina.
l Tagata Ta'ito'atasi: Afai ua e fa'atulagaina se tagata fa'aoga, e mafai ona e faia se tulaga e pei o le "InternalUser.Name".
Mo example, “InternalUser.Igoa EQUALS ” e fetaui ma se tagata e faaaogāina faapitoa.

– 16 –

1. Fa'atulaga TACACS+ ile ISE
Fesoasoani: Mo faatonuga a le Conditions Studio, kiliki le? Aikona fesoasoani.
6. I le Shell Profiles fanua, filifili le atigi profile na e faia i le 2. Fausia TACACS + Profiles.
7. Toe fai laasaga i le 3. Map Shell Profiles i Groups po'o Tagata fa'aoga se'ia e fa'afanua uma atigi profiles i lau fa'atagaga tulafono.

– 17 –

1. Fa'atulaga TACACS+ ile ISE
4. Fa'aopoopo Su'esu'ega o Feso'ota'iga Saogalemu e pei o se masini feso'ota'iga
1. Filifili le Pulega > Network Resources > Network Devices. 2. Filifili Network Devices, kiliki + Add. 3. Fa'atumu fa'amatalaga mo lou Pule muamua, e aofia ai ma fa'afanua nei:
l Igoa: Tu'u le igoa o lou Pule. l tuatusi IP: Ulufale i le tuatusi IP Pule. l Fa'asoa Fa'alilo: Ulufale le ki fa'alilolilo fa'asoa. 4. Kiliki Save. 5. Fa'amautu le masini feso'ota'iga o lo'o fa'asaoina i le lisi o Mea Fa'apipi'i.
6. Alu ile 2. Fa'agaoioi le TACACS + Fa'atagaga ile Secure Network Analytics.

– 18 –

2. Fa'agaoioi le TACACS+ Fa'atagaga ile Secure Network Analytics

2. Fa'agaoioi le TACACS+ Fa'atagaga ile Secure Network Analytics
Fa'aoga fa'atonuga nei e fa'aopoopo ai le TACACS+ server ile Secure Network Analytics ma mafai ai le fa'atagaina mamao.
Na'o se Pule Sili e mafai ona fa'aopoopo le TACACS+ server ile Secure Network Analytics.

E mafai ona e fa'aopoopo na'o le tasi le TACACS+server i le TACACS+ authentication service.
1. Ulufale i lou Pule muamua. 2. Mai le lisi autu, filifili Configure> Global> User Management. 3. Kiliki le Authentication and Authorization tab. 4. Kiliki Fausia. Filifili Auaunaga Fa'amaonia. 5. Kiliki le Authentication Service drop-down. Filifili TACACS+. 6. Faatumu fanua:

Field Authentication Service Faamatalaga Igoa
Taimi Taimi (Secons)
Prefix

Fa'amatalaga
Ulufale se igoa tulaga ese e iloa ai le server.
Tu'u se fa'amatalaga o lo'o fa'amaoti mai ai pe fa'apefea ona fa'aogaina le server.
Ole aofa'i ole taimi (i sekone) ole igoa ole tagata fa'aoga po'o le fa'aupuga e fa'amaonia a'o le'i mana'omia e le Secure Network Analytics le toe fa'aofiina o fa'amatalaga.
O lenei fanua e filifili. O le manoa prefix e tu'u i le amataga o le igoa fa'aoga pe a lafo le igoa ile RADIUS po'o le TACACS+ server. Mo example, pe a fai o le igoa o le tagata o le zoe ma o le malo o le DOMAIN-

– 19 –

Suffix
Server IP Address Port Secret Key

2. Fa'agaoioi le TACACS+ Fa'atagaga ile Secure Network Analytics
A, o le igoa fa'aoga DOMAIN-Azoe ua lafo i le 'au'aunaga. Afai e te le faʻapipiʻiina le Prefix field, naʻo le igoa faʻaoga e lafo i le server.
O lenei fanua e filifili. O le manoa suffix e tu'u i le pito o le igoa fa'aoga. Mo example, afai o le suffix o le @mydomain.com, o le username zoe@mydomain.com e auina atu i le TACACS + server. Afai e te le faʻatulagaina le Suffix field, naʻo le igoa faʻaoga e lafo i le server.
Fa'aoga tuatusi IPv4 po'o IPv6 pe a fa'atulaga auaunaga fa'amaonia.
Ulufale so'o se numera mai le 0 i le 65535 e fetaui ma le taulaga talafeagai.
Ulufale i le ki faalilolilo na faʻatulagaina mo le server talafeagai.

7. Kiliki Save. O le TACACS + server fou ua faʻaopoopoina, ma faʻamatalaga mo le server faʻaalia.
8. Kiliki le lisi o Actions mo le TACACS+ server. 9. Filifili le Enable Remote Authorization mai le lisi pa'ū. 10. Mulimuli i fa'atonuga i luga ole lau e mafai ai le TACACS +.

– 20 –

3. Su'e mamao TACACS + User Login
3. Su'e mamao TACACS + User Login
Fa'aaoga faatonuga nei e saini ai ile Pule. Mo le fa'atagaina TACACS+ mamao, ia mautinoa o lo'o fa'aoga uma tagata fa'aoga ile Pule.
Ina ia saini sa'o i se masini ma fa'aoga le Appliance Administration, saini i totonu i le lotoifale. 1. I totonu o le tuatusi tuatusi o lau su'esu'ega, fa'aoga mea nei:
https:// followed by the IP address of your Manager.
2. Ulufale le igoa fa'aoga ma le fa'aupuga a se tagata fa'aoga mamao TACACS+. 3. Kiliki Sign In.
Afai e le mafai e se tagata fa'aoga ona ulufale i le Pule, toeview le vaega Fa'afitauli.

– 21 –

Fa'afitauli

Fa'afitauli
Afai e te feagai ma se tasi o nei faʻafitauli faʻafitauli, faʻafesoʻotaʻi lau pule e toeview le fa'atulagaina ma fofo na matou saunia iinei. Afai e le mafai e lau pule ona foia ia faʻafitauli, faʻamolemole faʻafesoʻotaʻi Cisco Support.
Fa'aaliga

Fa'ata'ita'iga E le mafai e se tagata fa'aoga TACACS+ ona saini i totonu
E le mafai ona saini uma tagata TACACS+

Fa'amatalaga
l Review le Fa'amaumauga a le Su'etusi mo le fa'aogaina o le saini a le tagata fa'aoga i Fa'afanua Fa'aletulafono po'o le Fa'asoa Fa'atasi o Matafaioi. E mafai ona tupu lenei mea pe afai o le vaega fa'asinomaga shell profile e aofia ai le Pule Sili ma isi matafaioi, po'o le tu'ufa'atasiga o matafaioi e le o se pule e le'o fetaui ma mana'oga. Va'ai ile User Role Overview mo fa'amatalaga.
l Ia mautinoa e le tutusa le igoa ole TACACS+ ma le igoa ole tagata fa'apitonu'u (Secure Network Analytics). Va'ai ile User Role Overview mo fa'amatalaga.
l Siaki le fa'atulagaina o le TACACS+ ile Secure Network Analytics.
l Siaki le faʻatulagaina i luga o le TACACS + server.
l Ia mautinoa o loʻo faʻaogaina le TACACS + server. l Ia mautinoa ua mafai le auaunaga TACACS+ i totonu
Secure Network Analytics: l E mafai ona tele sapalai fa'amaonia ua fa'amalamalamaina, ae na'o le tasi e mafai ona fa'atagaina mo le fa'atagaina. Fa'asino i le 2.
Fa'aagaoi le TACACS+ Fa'atagaga ile Secure Network Analytics mo fa'amatalaga. l Ina ia fa'atagaina le fa'atagaina mo se TACACS+ fa'apitoa, fa'asino ile 2. Fa'aaga
TACACS+ Fa'atagaga ile Secure Network Analytics mo fa'amatalaga.

– 22 –

Fa'afitauli

A o'o i totonu se tagata fa'aoga, e na'o le Pule i le lotoifale e mafai ona latou mauaina

Afai o lo'o iai se tagata fa'aoga ma le igoa fa'aoga tutusa i le Secure Network Analytics (local) ma le TACACS+ server (mamao), o le saini fa'apitonu'u e fa'amalo le saini mamao. Va'ai ile User Role Overview mo fa'amatalaga.

– 23 –

Fa'afeso'ota'i le Lagolago
Fa'afeso'ota'i le Lagolago
Afai e te mana'omia le lagolago fa'apitoa, fa'amolemole fai se tasi o mea nei: l Fa'afeso'ota'i lau Paaga Cisco i lou lotoifale Fa'afeso'ota'i Cisco Lagolago l E tatala se mataupu e ala i web: http://www.cisco.com/c/en/us/support/index.html l Mo lagolago telefoni: 1-800-553-2447 (US) l Mo numera lagolago i le lalolagi atoa: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

– 24 –

Suiga Tala'aga

Fa'amatalaga Tusia 1_0

Aso Fa'asalalau Aukuso 21, 2025

Suiga Tala'aga
Fa'amatalaga Fa'amatalaga muamua.

– 25 –

Fa'amatalaga Puletaofia
Cisco ma le Cisco logo o fa'ailoga fa'ailoga po'o fa'ailoga fa'amaufa'ailoga a Cisco ma/po'o ona so'otaga i le US ma isi atunu'u. I view se lisi o faailoga tau Cisco, alu i lenei URL: https://www.cisco.com/go/trademarks. O fa'ailoga tau fefa'ataua'iga lona tolu o lo'o ta'ua o meatotino a latou tagata e ona. O le faʻaaogaina o le upu paaga e le faʻaalia ai se mafutaga faʻapaʻaga i le va o Cisco ma soʻo se isi kamupani. (1721R)
© 2025 Cisco Systems, Inc. ma/po'o ana paaga. Ua taofia aia tatau uma.

Pepa / Punaoa

Cisco TACACS + Secure Network Analytics [pdf] Taiala mo Tagata Fa'aoga
7.5.3, TACACS Secure Network Analytics, TACACS, Secure Network Analytics, Network Analytics, Analytics

Fa'asinomaga

Tusi Taiala

Cisco TACACS + Secure Network Analytics User Guide

TACACS + Secure Network Analytics

Fa'amatalaga

Fa'amatalaga o oloa

Fa'atonuga o le Fa'aaogaina o Mea

Folasaga

Tagata fa'alogo

Fa'aupuga

Fegalegaleaiga

Puleaina o Tali

Faivale

FAQ

F: E mafai ona fa'aoga le TACACS+ i le Fa'atulafonoina o le Fa'atonu?

Pepa / Punaoa

Fa'asinomaga

Tuu se faamatalaga

Fa'aleaogaina le tali