Cisco TACACS+ Secure Network Analytics User Guide

Cisco Secure Network Analytics, e tsejoang hape e le Stealthwatch,
e sebelisa Terminal Access Controller Access-Control System
(TACACS+) protocol bakeng sa litšebeletso tsa netefatso le tumello.
E lumella basebelisi ho fihlella lits'ebetso tse ngata ka sete e le 'ngoe
ea mangolo a bopaki.

Litaelo tsa Tšebeliso ea Sehlahisoa

Selelekela

Ho lokisa TACACS+ bakeng sa Cisco Secure Network Analytics, latela
mehato e hlalositsoe tataisong ena.

Bamameli

Tataiso ena e reretsoe balaoli ba marang-rang le basebetsi
e ikarabellang bakeng sa ho kenya le ho lokisa Secure Network Analytics
lihlahisoa. Bakeng sa ho kenya setsebi, ikopanye le Cisco ea lehae
Tšehetso ea molekane kapa Cisco.

Terminology

Tataiso e bua ka sehlahisoa e le sesebelisoa, ho kenyelletsa
lihlahisoa tse fumanehang joalo ka Cisco Secure Network Analytics Flow
Sensor Virtual Edition. Lihlopha ke lihlopha tsa lisebelisoa tse laoloang
ka Cisco Secure Network Analytics Manager.

Ho lumellana

Netefatsa hore basebelisi bohle ba kena ka Motsamaisi oa TACACS+
netefatso le tumello. Likarolo tse ling joalo ka FIPS le
Compliance Mode ha e fumanehe ha TACACS+ e butswe.

Tsamaiso ea Karabelo

Hlophisa Taolo ea Likarabo ho Mookameli ho amohela imeile
litlhokomeliso, litlaleho, joalo-joalo Basebelisi ba hloka ho hlophisoa joalo ka basebelisi ba lehae ho
Motsamaisi oa karolo ena.

Failover

Ha u sebelisa Batsamaisi ka para ea failover, hlokomela hore TACACS+ ke
e fumaneha feela ho Motsamaisi oa mantlha. Haeba e hlophisitsoe ho ea pele
Motsamaisi, TACACS+ ha e tšehetsoe ho Motsamaisi oa bobeli. Khothatsa
Motsamaisi oa bobeli ho isa ho oa mantlha ho sebelisa netefatso ea kantle
ditshebeletso ho yona.

LBH

P: Na TACACS+ e ka sebelisoa ha Compliance Mode e nolofalitsoe?

A: Che, TACACS+ netefatso le tumello ha li tšehetse
Mokhoa oa ho latela. Netefatsa hore Compliance Mode e koetsoe ha o sebelisa
TACACS+.

View Fullscreen

Cisco Sireletsehile Network Analytics
TACACS+ Tataiso ea Tlhophiso 7.5.3

Tafole ea likateng

Selelekela

Bamameli

Terminology

Ho lumellana

Tsamaiso ea Karabelo

Failover

Tokisetso

Likarolo tsa Basebelisi li Fetileview

Ho lokisa Mabitso a Basebelisi

Mabitso a Mabitso a Mabitso a Basebelisi

Mabitso a Phethahetseng

Liphetolelo tsa Pele

Ho lokisa Lihlopha tsa Boitsebiso le Basebelisi

Karolo ea Tsamaiso ea mantlha

Motsoako oa Likarolo tseo e seng tsa Tsamaiso

Litšoaneleho tsa Botho

Kakaretso ea Likarolo

Likarolo tsa Boitsebiso

Web Likarolo

Likarolo tsa Bareki ba Desktop

Ts'ebetso e Felletseview

1. Lokisa TACACS+ ho ISE

Pele o Qala

Mabitso a basebelisi

Likarolo tsa Basebelisi

1. Numella Tsamaiso ea Sesebelisoa ho ISE

2. Etsa TACACS + Profiles

Karolo ea Tsamaiso ea mantlha

-2-

Motsoako oa Likarolo tseo e seng tsa Tsamaiso

3. 'Mapa Shell Profiles ho Lihlopha kapa Basebelisi

4. Eketsa Secure Network Analytics e le Sesebelisoa sa Marang-rang

2. Numella tumello ea TACACS+ ho Secure Network Analytics

3. Lekola Remote TACACS + User Login

Ho batle phoso

Scenarios

Ho ikopanya le Tšehetso

Fetola Histori

-3-

Selelekela
Selelekela
Terminal Access Controller Access-Control System (TACACS+) ke protocol e ts'ehetsang litšebeletso tsa netefatso le tumello 'me e lumella mosebelisi ho fihlella lits'ebetso tse ngata ka sete e le 'ngoe ea mangolo. Sebelisa litaelo tse latelang ho lokisa TACACS+ bakeng sa Cisco Secure Network Analytics (eo pele e neng e le Stealthwatch).
Bamameli
Bamameli ba reretsoeng tataiso ena ba kenyelletsa batsamaisi ba marang-rang le basebetsi ba bang ba nang le boikarabelo ba ho kenya le ho lokisa lihlahisoa tsa Secure Network Analytics.
Haeba u khetha ho sebetsa le setsebi sa setsebi, ka kopo ikopanye le Cisco Partner ea sebakeng sa heno kapa ikopanye le Cisco Support.
Terminology
Tataiso ena e sebelisa lentsoe "sesebediswa" bakeng sa sehlahisoa sefe kapa sefe sa Secure Network Analytics, ho kenyeletsoa le lihlahisoa tsa sebele tse kang Cisco Secure Network Analytics Flow Sensor Virtual Edition.
"Sehlopha" ke sehlopha sa hau sa lisebelisoa tsa Secure Network Analytics tse laoloang ke Cisco Secure Network Analytics Manager (eo pele e neng e le Stealthwatch Management Console kapa SMC).
Ho v7.4.0 re ile ra reha lihlahisoa tsa rona tsa Cisco Stealthwatch Enterprise ho Cisco Secure Network Analytics. Bakeng sa lenane le felletseng, sheba Lintlha tsa Phatlalatso. Tataisong ena, u tla bona lebitso la sehlahisoa sa rona sa khale, Stealthwatch, le sebelisoa neng kapa neng ha ho hlokahala ho boloka ho hlaka, hammoho le mantsoe a kang Stealthwatch Management Console le SMC.

-4-

Selelekela
Ho lumellana
Bakeng sa netefatso le tumello ea TACACS+, etsa bonnete ba hore basebelisi bohle ba kena ka Motsamaisi. Ho kena ka har'a sesebelisoa ka kotloloho le ho sebelisa Tsamaiso ea Lisebelisoa, kena sebakeng sa heno.
Likarolo tse latelang ha li fumanehe ha TACACS+ e lumelletsoe: FIPS, Mokhoa oa ho Laela.
Tsamaiso ea Karabelo
Taolo ea Likarabo e hlophisitsoe ho Motsamaisi oa hau. Ho fumana litemoso tsa lengolo-tsoibila, litlaleho tse hlophisitsoeng, joalo-joalo etsa bonnete ba hore mosebelisi o lokiselitsoe joalo ka mosebelisi oa lehae ho Motsamaisi. Eya ho Configure > Detection > Taolo ea Karabo, 'me u lebise ho Thuso bakeng sa litaelo.
Failover
Ka kopo ela hloko lintlha tse latelang haeba u hlophisitse Batsamaisi ba hau e le sehlopha se sa sebetseng hantle:
l TACACS+ e fumaneha feela ho Motsamaisi oa mantlha. TACACS+ ha e tšehetsoe ho Motsamaisi oa bobeli.
l Haeba TACACS+ e hlophisitsoe ho Motsamaisi oa mantlha, lintlha tsa mosebelisi tsa TACACS+ ha li fumanehe ho Motsamaisi oa bobeli. Pele o ka sebelisa lits'ebeletso tse hlophisitsoeng tsa netefatso ea kantle ho Motsamaisi oa bobeli, o hloka ho phahamisa Motsamaisi oa bobeli ho ea ho oa mathomo.
l Haeba u nyolla Mookameli oa bobeli ho ea ho tsa mathomo:
l Numella TACACS+ le tumello ea hole ho Motsamaisi oa bobeli. l Basebelisi leha e le bafe ba kantle ba keneng ho Motsamaisi oa mantlha o theotsoeng ba tla kenngoa
tsoa. l Motsamaisi oa bobeli ha a boloke data ea mosebelisi ho tsoa ho Motsamaisi oa mantlha,
kahoo data efe kapa efe e bolokiloeng ho Mookameli oa mantlha ha e fumanehe ho Mookameli e mocha (ea phahamisitsoeng) oa mantlha. l Hang ha mosebelisi ea hole a kena ho Motsamaisi e mocha oa mantlha ka lekhetlo la pele, li-directory tsa basebelisi li tla etsoa mme data e bolokoe ho ea pele.
l Review Litaelo tsa Failover: Bakeng sa tlhaiso-leseling e batsi, sheba Tataiso ea Tlhophiso ea Failover.

-5-

Tokisetso

Tokisetso
O ka lokisa TACACS+ ho Cisco Identity Services Engine (ISE).
Re khothaletsa ho sebelisa Cisco Identity Services Engine (ISE) bakeng sa netefatso e bohareng le tumello. Leha ho le joalo, o ka sebelisa seva e ikemetseng ea TACACS + kapa oa kopanya seva efe kapa efe e lumellanang ea netefatso ho latela litlhoko tsa hau tse ikhethileng.
Etsa bonnete ba hore u na le tsohle tseo u li hlokang ho qala tlhophiso.

Tlhokahalo Cisco Identity Services Engine (ISE) TACACS+ Server Desktop Client

Lintlha
Kenya le ho lokisa ISE u sebelisa litaelo tse tokomaneng ea ISE bakeng sa enjine ea hau.
U tla hloka aterese ea IP, boema-kepe, le senotlolo se arolelanoang sa lekunutu bakeng sa tlhophiso. Hape o tla hloka laesense ea Tsamaiso ea Sesebelisoa.
U tla hloka aterese ea IP, boema-kepe, le senotlolo se arolelanoang sa lekunutu bakeng sa tlhophiso.
U tla sebelisa Client ea Desktop bakeng sa tlhophiso ena haeba u batla ho sebelisa likarolo tse tloaelehileng tsa komporo. Ho kenya Client ea Desktop, sheba ho Cisco Secure Network Analytics System Configuration Guide e lumellanang le phetolelo ea hau ea Secure Network Analytics.

-6-

Likarolo tsa Basebelisi li Fetileview
Likarolo tsa Basebelisi li Fetileview
Tataiso ena e kenyelletsa litaelo tsa ho lokisa basebelisi ba TACACS+ bakeng sa netefatso le tumello ea hole. Pele o qala tlhophiso, review lintlha tse karolong ena ho netefatsa hore u lokisa basebelisi ba hau ka nepo.
Ho lokisa Mabitso a Basebelisi
Bakeng sa netefatso e hole le tumello, o ka hlophisa basebelisi ba hau ho ISE. Bakeng sa netefatso le tumello ea lehae, lokisa basebelisi ba hau ho Motsamaisi.
l Remote: Ho hlophisa basebelisi ba hau ho ISE, latela litaelo tse bukeng ena ea tlhophiso.
l Lehae: Ho hlophisa basebelisi ba hau sebakeng sa heno feela, kena ho Motsamaisi. Ho tsoa ho menu e kholo, khetha Configure > Global > Taolo ea Mosebelisi. Kgetha Thuso bakeng sa ditaelo.
Mabitso a Mabitso a Mabitso a Basebelisi
Ha o lokisa basebelisi ba hole, lumella case-sensitivity ho seva e hole. Haeba u sa khone ho utloisisa boemo ho seva se hole, basebelisi ba kanna ba se khone ho fihlella data ea bona ha ba kena ho Secure Network Analytics.
Mabitso a Phethahetseng
Hore na o lokisa mabitso a basebelisi u le hole (ho ISE) kapa sebakeng sa heno (ho Motsamaisi), etsa bonnete ba hore mabitso ohle a basebelisi aa ikhetha. Ha re khothaletse ho kopitsa mabitso a basebelisi ho li-server tse hole le Sireletsehile Network Analytics.
Haeba mosebelisi a kena ho Mookameli, 'me a na le lebitso le tšoanang la mosebelisi le hlophisitsoeng ho Secure Network Analytics le ISE, ba tla fihlella data ea bona ea Mookameli / Secure Network Analytics feela. Ha ba khone ho fihlella data ea bona e hole ea TACACS+ haeba lebitso la bona la mosebelisi le kopitsoe.
Liphetolelo tsa Pele
Haeba u hlophisitse TACACS+ mofuteng oa pejana oa Cisco Secure Network Analytics (Stealthwatch v7.1.1 le pejana), etsa bonnete ba hore u theha basebelisi ba bacha ka mabitso a ikhethang bakeng sa v7.1.2 le hamorao. Ha re khothaletse ho sebelisa kapa ho qopitsa mabitso a basebelisi ho tsoa liphetolelong tsa pejana tsa Secure Network Analytics.
Ho tsoela pele ho sebelisa mabitso a basebelisi a entsoeng ho v7.1.1 le pejana, re khothaletsa ho a fetola hore e be a sebakeng sa heno feela ho Mookameli oa hau oa mantlha le Client ea Desktop. Sheba ho Thuso bakeng sa litaelo.

-7-

Likarolo tsa Basebelisi li Fetileview

Ho lokisa Lihlopha tsa Boitsebiso le Basebelisi
Bakeng sa ho kena ka tumello ea mosebelisi, u tla etsa 'mapa oa shell profiles ho basebelisi ba hau. Bakeng sa pro e 'ngoe le e' ngoe ea khetlafile, o ka abela karolo ea Mookameli oa Mathomo kapa oa theha motsoako oa likarolo tseo e seng tsa batsamaisi. Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko.
Karolo ea Tsamaiso ea mantlha
Primary Admin can view ts'ebetso eohle le ho fetola eng kapa eng. Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang.

Karolo e ka sehloohong Admin

Boleng Boleng cisco-stealthwatch-master-admin

Motsoako oa Likarolo tseo e seng tsa Tsamaiso
Haeba u theha motsoako oa likarolo tseo e seng tsa admin bakeng sa pro shell ea haufile, etsa bonnete ba hore e kenyelletsa tse latelang:
l 1 Karolo ea data (feela) l 1 kapa ho feta Web karolo l 1 kapa ho feta karolo ea Desktop Client
Bakeng sa lintlha tse ling, sheba lethathamo la Litšobotsi tsa Litšobotsi.
Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko.

-8-

Likarolo tsa Basebelisi li Fetileview

Litšoaneleho tsa Botho
Ho fumana lintlha tse ling mabapi le karolo e 'ngoe le e 'ngoe ea karolo, tobetsa sehokelo sa Likarolo Tse Hlokehang kholomong.

Likarolo Tse Hlokehang 1 Karolo ea data (feela)
1 kapa ho feta Web karolo
Karolo e 1 kapa ho feta ea Desktop Client

Boleng ba Tšobotsi
l cisco-stealthwatch-data-bala-and-write l cisco-stealthwatch-data-tsohle-read-feela
l cisco-stealthwatch-configuration-manager l cisco-stealthwatch-matla-analyst l cisco-stealthwatch-analyst
l cisco-stealthwatch-desktop-stealthwatch-power-user l cisco-stealthwatch-desktop-configuration-manager l cisco-stealthwatch-desktop-network-engineer l cisco-stealthwatch-desktop-security-analyst

Kakaretso ea Likarolo
Re fane ka kakaretso ea karolo ka 'ngoe litafoleng tse latelang. Bakeng sa tlhaiso-leseling e batsi mabapi le likarolo tsa basebelisi ho Secure Network Analytics, review leqephe la Tsamaiso ea Basebelisi ho Thuso.
Likarolo tsa Boitsebiso
Etsa bonnete ba hore u khetha karolo e le 'ngoe feela ea data.

Karolo ea data

Litumello

Lintlha kaofela (Bala Feela)

Mosebedisi a ka view data sebakeng sefe kapa sefe kapa sehlopha sa moamoheli, kapa sesebelisoa kapa sesebelisoa, empa ha e khone ho etsa litlhophiso.

Lintlha Tsohle (Bala & Ngola)

Mosebedisi a ka view le ho lokisa data sebakeng sefe kapa sefe kapa sehlopha sa moamoheli, kapa sesebelisoa kapa sesebelisoa sefe kapa sefe.

Ts'ebetso e khethehileng (ho batla ho phalla, tsamaiso ea maano, lihlopha tsa marang-rang, joalo-joalo) tseo mosebedisi a ka li khonang view le/kapa tlhophiso e laolwa ke ya mosebedisi web karolo.

-9-

Likarolo tsa Basebelisi li Fetileview

Web Likarolo

Web Karolo

Litumello

Mohlahlobi oa Matla

Power Analyst a ka etsa lipatlisiso tsa pele mabapi le sephethephethe le phallo hammoho le ho lokisa maano le lihlopha tse amohelang baeti.

Motsamaisi oa Tlhophiso

Motsamaisi oa Litlhophiso a ka view tshebetso e amanang le tlhophiso.

Mohlahlobi

Mohlahlobi a ka etsa lipatlisiso tsa pele mabapi le sephethephethe le phallo.

Likarolo tsa Bareki ba Desktop

Web Karolo

Litumello

Motsamaisi oa Tlhophiso

Motsamaisi oa Litlhophiso a ka view lintho tsohle tsa menu le ho lokisa lisebelisoa tsohle, lisebelisoa, le litlhophiso tsa domain.

Moenjiniere oa Marang-rang

Moenjiniere oa Marang-rang a ka khona view lintho tsohle tse amanang le sephethephethe ka har'a Desktop Client, kenya alamo le lintlha tsa moamoheli, 'me u etse liketso tsohle tsa alamo, ntle le ho fokotsa.

Mohlahlobi oa Tšireletso

The Security Analyst a ka view lintho tsohle tsa menu tse amanang le ts'ireletso, kenya alamo le lintlha tsa moamoheli, 'me u etse liketso tsohle tsa alamo, ho kenyeletsoa ho fokotsa.

Sireletsa Mosebelisi oa Matla a Network Analytics

Secure Network Analytics Power User a ka view lintho tsohle tsa menu, amohela lialamo, 'me u kenye alamo le lintlha tsa moamoheli, empa ntle le matla a ho fetola letho.

- 10 -

Ts'ebetso e Felletseview
Ts'ebetso e Felletseview
U ka hlophisa Cisco ISE ho fana ka TACACS +. Ho atleha ho lokisa litlhophiso tsa TACACS+ le ho fana ka tumello ea TACACS+ ho Secure Network Analytics, etsa bonnete ba hore u tlatsa mekhoa e latelang:
1. Hlophisa TACACS+ ho ISE 2. Numella TACACS+ Authorization ho Sireletsehile Network Analytics 3. Lekola Remote TACACS+ Keno ea Mosebelisi

- 11 -

1. Lokisa TACACS+ ho ISE
1. Lokisa TACACS+ ho ISE
Sebelisa litaelo tse latelang ho lokisa TACACS+ ho ISE. Tokiso ena e thusa basebelisi ba hau ba hole ba TACACS+ ho ISE ho kena ho Secure Network Analytics.
Pele o Qala
Pele o qala litaelo tsena, kenya le ho lokisa ISE o sebelisa litaelo tse tokomaneng ea ISE bakeng sa enjine ea hau. Sena se kenyelletsa ho netefatsa hore litifikeiti tsa hau li setiloe ka nepo.
Mabitso a basebelisi
Hore na o lokisa mabitso a basebelisi u le hole (ho ISE) kapa sebakeng sa heno (ho Motsamaisi), etsa bonnete ba hore mabitso ohle a basebelisi aa ikhetha. Ha re khothaletse ho kopitsa mabitso a basebelisi ho li-server tse hole le Sireletsehile Network Analytics.
Mabitso a Phethahetseng a Basebelisi: Haeba mosebelisi a kena ho Motsamaisi, 'me a e-na le lebitso le tšoanang la mosebelisi le hlophisitsoeng ho Secure Network Analytics le ISE, ba tla fihlella data ea bona ea Mookameli / Sireletsehile Network Analytics feela. Ha ba khone ho fihlella data ea bona e hole ea TACACS+ haeba lebitso la bona la mosebelisi le kopitsoe.
Mabitso a Mabitso a Basebelisi: Ha o lokisa basebelisi ba hole, etsa hore ho be le kutloisiso ho seva se hole. Haeba u sa khone ho utloisisa boemo ho seva se hole, basebelisi ba kanna ba se khone ho fihlella data ea bona ha ba kena ho Secure Network Analytics.
Likarolo tsa Basebelisi
Bakeng sa setsebi se seng le se seng sa TACACS+file ho ISE, o ka abela karolo ea Mookameli oa Mathomo kapa oa theha motsoako oa likarolo tseo e seng tsa batsamaisi.
Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko. Bakeng sa tlhaiso-leseling e batsi mabapi le likarolo tsa basebelisi, sheba ho User Roles Overview.
1. Numella Tsamaiso ea Sesebelisoa ho ISE
Sebelisa litaelo tse latelang ho kenya ts'ebeletso ea TACACS+ ho ISE.
1. Kena ho ISE ea hau u le admin. 2. Kgetha Ditsi tsa Mosebetsi > Tsamaiso ya Sesebediswa > Hofetaview.

- 12 -

1. Lokisa TACACS+ ho ISE
Haeba Tsamaiso ea Sesebelisoa e sa bontšoa Litsing tsa Mosebetsi, e-ea ho Tsamaiso> Sistimi> License. Karolong ea Lilaesense, netefatsa hore Laesense ea Tsamaiso ea Sesebelisoa e bontšitsoe. Haeba e sa bonts'e, kenya laesense akhaonteng ea hau. 3. Kgetha Ho tsamaiswa.
4. Khetha Li-Node Tsohle tsa Litšebeletso tsa Pholisi kapa Li-Node tse khethehileng. 5. Lebaleng la Maemakepe a TACACS, kenya 49.

6. Tobetsa Boloka.
2. Etsa TACACS + Profiles
Sebelisa litaelo tse latelang ho kenya TACACS+ shell profiles ho ISE. U tla boela u sebelise litaelo tsena ho fana ka likarolo tse hlokahalang ho pro shellfile.
1. Khetha Litsi tsa Mosebetsi > Tsamaiso ea Sesebediswa > Lintlha tsa Pholisi. 2. Khetha Liphetho > TACACS Profiles. 3. Tobetsa Add. 4. Lebaleng la Lebitso, kenya lebitso le ikhethang la mosebelisi.
Bakeng sa lintlha tse mabapi le mabitso a basebelisi sheba ho User Roles Overview.

- 13 -

1. Lokisa TACACS+ ho ISE
5. Tlas'a Mofuta o Tloaelehileng oa Mosebetsi, khetha Shell. 6. Karolong ea Custom Attributes, tobetsa Eketsa. 7. Sebakeng sa Mofuta, khetha E tlamehang. 8. Lebaleng la Lebitso, kenya karolo. 9. Sebakeng sa Bohlokoa, kenya boleng ba boleng bakeng sa Mookameli oa Pele kapa u hahe motsoako
ea likarolo tseo e seng tsa batsamaisi. l Boloka: Tobetsa konopo ea Check ho boloka karolo. l Motsoako oa Mesebetsi eo e seng ea Tsamaiso: Haeba u theha motsoako oa likarolo tseo e seng tsa batsamaisi, pheta mehato ea 5 ho isa ho 8 ho fihlela u kentse mola bakeng sa karolo ka 'ngoe e hlokahalang (Karolo ea data, Web karolo, le karolo ea Client ea Desktop).

- 14 -

1. Lokisa TACACS+ ho ISE

Karolo ea Tsamaiso ea mantlha
Primary Admin can view ts'ebetso eohle le ho fetola eng kapa eng. Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang.

Karolo e ka sehloohong Admin

Boleng Boleng cisco-stealthwatch-master-admin

Motsoako oa Likarolo tseo e seng tsa Tsamaiso
Haeba u theha motsoako oa likarolo tseo e seng tsa admin bakeng sa pro shell ea haufile, etsa bonnete ba hore e kenyelletsa tse latelang:
l 1 Karolo ea data (feela): etsa bonnete ba hore u khetha karolo e le 'ngoe feela ea data l 1 kapa ho feta Web karolo l 1 kapa ho feta karolo ea Desktop Client

Likarolo Tse Hlokehang 1 Karolo ea data (feela)
1 kapa ho feta Web karolo
Karolo e 1 kapa ho feta ea Desktop Client

Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko.
10. Tobetsa Boloka. 11. Pheta mehato ho 2. Etsa TACACS+ Profiles ho eketsa TACACS+ efe kapa efe e eketsehileng
khetla profiles ho ISE.

- 15 -

1. Lokisa TACACS+ ho ISE
Pele o tsoela pele ho 3. Map Shell Profiles ho Lihlopha kapa Basebelisi, u hloka ho theha Basebelisi, Sehlopha sa Boitsebiso ba Basebelisi (boikhethelo), le lihlopha tsa litaelo tsa TACACS+. Bakeng sa litaelo tsa mokhoa oa ho theha Basebelisi, Sehlopha sa Boitsebiso ba Basebelisi, le li-TACACS+ litaelo, sheba litokomane tsa ISE bakeng sa enjine ea hau.
3. 'Mapa Shell Profiles ho Lihlopha kapa Basebelisi
Sebelisa litaelo tse latelang ho etsa 'mapa oa pro shell ea haufiles ho melao ea hau ea tumello.
1. Khetha Litsi tsa Mosebetsi > Tsamaiso ea Lisebelisoa > Lisebelisoa tsa Leano la Tsamaiso ea Lisebelisoa. 2. Fumana lebitso la sete ya pholisi ya hao. Tobetsa letšoao la Arrow. 3. Fumana leano la hau la tumello. Tobetsa letšoao la Arrow. 4. Tobetsa letšoao la + Plus.

5. Lebaleng la Maemo, tobetsa letšoao la + Plus. Lokisa maemo a leano.
l Sehlopha sa Boitsebiso ba Basebelisi: Haeba u se u hlophisitse sehlopha sa boitsebiso ba basebelisi, u ka theha boemo bo kang "InternalUser.IdentityGroup".
Bakeng sa mohlalaample, “InternalUser.IdentityGroup E EQUALS ” ho tsamaisana le sehlopha se itseng sa boitsebiso ba mosebedisi.
l Mosebelisi ka Mong: Haeba u lokiselitse mosebelisi ka mong, u ka etsa boemo bo kang "InternalUser.Name".
Bakeng sa mohlalaample, “Internal User.Name EQUALS ” ho tsamaisana le mosebelisi ea itseng.

- 16 -

1. Lokisa TACACS+ ho ISE
Thuso: Bakeng sa litaelo tsa Studio Conditions, tobetsa ea ? Letšoao la thuso.
6. Ho Shell Profiles, khetha shell profile o entse ka 2. Theha TACACS+ Profiles.
7. Pheta mehato ho 3. Map Shell Profiles ho Lihlopha kapa Basebelisi ho fihlela u entse 'mapa oa likhetla tsohlefiles ho melao ea hau ea tumello.

- 17 -

1. Lokisa TACACS+ ho ISE
4. Eketsa Secure Network Analytics e le Sesebelisoa sa Marang-rang
1. Kgetha Tsamaiso > Lisebelisoa tsa Netweke > Lisebelisoa tsa Netweke. 2. Khetha Network Devices, tobetsa + Add. 3. Tlatsa lintlha tsa Mookameli oa hau oa mantlha, ho kenyeletsoa le mafapha a latelang:
l Lebitso: Kenya lebitso la Mookameli oa hau. l Aterese ea IP: Kenya aterese ea IP ea Motsamaisi. l Lekunutu le Abelanoeng: Kenya senotlolo se arolelanoang sa lekunutu. 4. Tobetsa Boloka. 5. Tiisa hore sesebelisoa sa marang-rang se bolokiloe lethathamong la Lisebelisoa tsa Network.
6. Eya ho 2. Numella TACACS+ Authorization ho Secure Network Analytics.

- 18 -

2. Numella tumello ea TACACS+ ho Secure Network Analytics

2. Numella tumello ea TACACS+ ho Secure Network Analytics
Sebelisa litaelo tse latelang ho kenya seva ea TACACS+ ho Secure Network Analytics le ho lumella tumello ea hole.
Ke Mookameli oa Pele feela ea ka kenyang seva sa TACACS+ ho Secure Network Analytics.

O ka eketsa seva e le 'ngoe feela ea TACACS+Tshebeletsong ea netefatso ea TACACS+.
1. Kena ho Mookameli oa hau oa mantlha. 2. Ho tswa ho menu e kgolo, kgetha Hlophisa > Global > Taolo ya mosebedisi. 3. Tobetsa tab ya Netefatso le Tumello. 4. Tobetsa Create. Khetha Tšebeletso ea Netefatso. 5. Tobetsa ho theoha ha Tšebeletso ea Tiiso. Khetha TACACS+. 6. Qetella likarolo:

Tlhaloso ea Lebitso la Tšebeletso ea Tšimo ea Tiiso
Nako ea Cache (Metsotsoana)
Sehlongoapele

Lintlha
Kenya lebitso le ikhethileng ho tsebahatsa seva.
Kenya tlhaloso e hlalosang hore na seva e sebelisoa joang kapa hobaneng.
Nako ea nako (ka metsotsoana) eo lebitso la mosebedisi kapa password e nkoang e sebetsa pele Sireletsehile Network Analytics e hloka ho kenngoa hape ha boitsebiso.
Sebaka sena ke boikhethelo. Khoele ea pele e behiloe qalong ea lebitso la mosebelisi ha lebitso le romelloa ho seva sa RADIUS kapa TACACS+. Bakeng sa mohlalaample, ha lebitso la mosebedisi e le zoe mme sehlongwapele sa realm ke DOMAIN-

- 19 -

Sehlongoamane
Senotlolo sa Lekunutu sa Boemakepe ba Aterese ea IP

2. Numella tumello ea TACACS+ ho Secure Network Analytics
A, lebitso la mosebelisi DOMAIN-Azoe le romelloa ho seva. Haeba u sa lokise sebaka sa Prefix, ke lebitso la mosebelisi feela le romelloang ho seva.
Sebaka sena ke boikhethelo. Khoele ea suffix e behiloe qetellong ea lebitso la mosebelisi. Bakeng sa mohlalaample, haeba suffix ke @mydomain.com, lebitso la mosebelisi zoe@mydomain.com le romelloa ho seva sa TACACS+. Haeba u sa lokise sebaka sa Suffix, ke lebitso la mosebelisi feela le romelloang ho seva.
Sebelisa liaterese tsa IPv4 kapa IPv6 ha u lokisa lits'ebeletso tsa netefatso.
Kenya linomoro leha e le life ho tloha ho 0 ho isa ho 65535 tse lumellanang le boema-kepe bo sebetsang.
Kenya senotlolo sa lekunutu se neng se etselitsoe seva se sebetsang.

7. Tobetsa Boloka. Seva e ncha ea TACACS+ e ea eketsoa, le tlhaiso-leseling bakeng sa lipontšo tsa seva.
8. Tobetsa menu ya Liketso bakeng sa seva sa TACACS+. 9. Kgetha Numella Tumello ya Remote ho tswa ho menu e theoha. 10. Latela litaelo tse skrineng ho lumella TACACS+.

- 20 -

3. Lekola Remote TACACS + User Login
3. Lekola Remote TACACS + User Login
Sebelisa litaelo tse latelang ho kena ho Mookameli. Bakeng sa tumello ea TACACS+ e hole, etsa bonnete ba hore basebelisi bohle ba kena ka Motsamaisi.
Ho kena ka har'a sesebelisoa ka kotloloho le ho sebelisa Tsamaiso ea Lisebelisoa, kena sebakeng sa heno. 1. Karolong ea liaterese ea sebatli sa hau, ngola se latelang:
https:// followed by the IP address of your Manager.
2. Kenya lebitso la mosebelisi le password ea mosebelisi ea hole oa TACACS+. 3. Tobetsa Kena.
Haeba mosebelisi a sa khone ho kena ho Motsamaisi, review karolo ea Tharollo ea Mathata.

- 21 -

Ho batle phoso

Ho batle phoso
Haeba u kopana le e 'ngoe ea maemo ana a ho rarolla mathata, ikopanye le molaoli oa hau ho boelaview tlhophiso le litharollo tseo re faneng ka tsona mona. Haeba mookameli oa hau a sa khone ho rarolla mathata, ka kopo ikopanye le Cisco Support.
Scenarios

Boemo Mosebelisi ea itseng oa TACACS+ ha a khone ho kena
Basebelisi bohle ba TACACS+ ha ba khone ho kena

Lintlha
l Review Tlaleho ea Litlhahlobo bakeng sa ho hloleha ho kena ha basebelisi ka 'Mapa o seng Molaong kapa Motsoako o Fosahetseng oa Mesebetsi. Sena se ka etsahala haeba sehlopha sa identity shell profile e kenyelletsa Mookameli oa Mathomo le likarolo tse ling, kapa haeba motsoako oa mesebetsi eo e seng ea tsamaiso e sa finyelle litlhoko. Sheba Likarolo tsa Basebelisi Ho Fetisisaview bakeng sa lintlha.
l Etsa bonnete ba hore lebitso la mosebelisi la TACACS+ ha le tšoane le lebitso la mosebelisi la sebakeng seo (Secure Network Analytics). Sheba Likarolo tsa Basebelisi Ho Fetisisaview bakeng sa lintlha.
l Lekola tlhophiso ea TACACS+ ho Secure Network Analytics.
l Lekola tlhophiso ho seva sa TACACS+.
l Etsa bonnete ba hore seva sa TACACS+ se ntse se sebetsa. l Netefatsa hore tshebeletso ya TACACS+ e kentswe tshebetsong
Sireletsehile Network Analytics: l Ho ka ba le li-server tse ngata tsa netefatso tse hlalosoang, empa e le 'ngoe feela e ka fuoang tumello. Sheba 2.
Numella tumello ea TACACS+ ho Sireletsehile Network Analytics bakeng sa lintlha. l Ho nolofalletsa tumello bakeng sa seva e itseng ea TACACS+, sheba ho 2. Noble
Tumello ea TACACS+ ho Sireletsehile Network Analytics bakeng sa lintlha.

- 22 -

Ho batle phoso

Ha mosebelisi a kena, a ka fihlella Mookameli feela sebakeng sa heno

Haeba mosebelisi a le teng ea nang le lebitso le tšoanang ho Sireletsehile Network Analytics (lehae) le seva sa TACACS+ (hole), ho kena ha sebaka sa hau ho feta sebaka sa ho kena sa remoutu. Sheba Likarolo tsa Basebelisi Ho Fetisisaview bakeng sa lintlha.

- 23 -

Ho ikopanya le Tšehetso
Ho ikopanya le Tšehetso
Haeba o hloka tšehetso ea tekheniki, ka kopo etsa e 'ngoe ea tse latelang: l Ikopanye le Cisco Partner ea hau ea sebakeng sa heno l Iteanye le Cisco Support l Ho bula nyeoe ka web: http://www.cisco.com/c/en/us/support/index.html l Bakeng sa tšehetso ea mohala: 1-800-553-2447 (US) l Bakeng sa linomoro tsa tšehetso lefatšeng ka bophara: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

- 24 -

Fetola Histori

Tokomane Version 1_0

Letsatsi la Phatlalatso la Phato 21, 2025

Fetola Histori
Tlhaloso Phetolelo ea pele.

- 25 -

Litaba tsa Copyright
Cisco le logo ea Cisco ke matšoao a khoebo kapa matšoao a ngolisitsoeng a Cisco le/kapa mafapha a eona a US le linaheng tse ling. Ho view lethathamo la matšoao a khoebo a Cisco, e ea ho sena URL: https://www.cisco.com/go/trademarks. Matshwao a kgwebo a batho ba bang a boletsweng ke thepa ya beng ba ona. Tšebeliso ea lentsoe molekane ha e bolele kamano ea tšebelisano pakeng tsa Cisco le k'hamphani efe kapa efe. (1721R)
© 2025 Cisco Systems, Inc. le/kapa mekhatlo e amanang le eona. Litokelo tsohle li sirelelitsoe.

Litokomane / Lisebelisoa

Cisco TACACS + Sireletsehile Network Analytics [pdf] Bukana ea Mosebelisi
7.5.3, TACACS Secure Network Analytics, TACACS, Secure Network Analytics, Network Analytics, Analytics

Litšupiso

Bukana ea Mosebelisi

Cisco TACACS+ Secure Network Analytics User Guide

TACACS + Sireletsehile Network Analytics

Litlhaloso

Tlhahisoleseding ya Sehlahiswa

Litaelo tsa Tšebeliso ea Sehlahisoa

Selelekela

Bamameli

Terminology

Ho lumellana

Tsamaiso ea Karabelo

Failover

LBH

P: Na TACACS+ e ka sebelisoa ha Compliance Mode e nolofalitsoe?

Litokomane / Lisebelisoa

Litšupiso

Tlohela maikutlo

Hlakola karabo