EtherealMind

Software Defined & Intent Based Networking

You are here: Home / Blog / Citrix Branch Repeater Authentication with Cisco TACACS+

Citrix Branch Repeater Authentication with Cisco TACACS+

By Filed Under: Blog, Operation

I have been looking about for documentation on how to configure TACACS authentication with a Citrix Branch Repeater, however so far I have only been able to find documentation for NetScaler. So I have setup a LAB and decided to write the documentation myself.

For those who cannot be bothered to read this post there is a video link at the bottom of this post with a walkthrough.

 

My LAB

VMWARE Server Running Windows Server Standard 2003 SP2 + Trial Version of ACS3.2 from Cisco

ESX Server 4.1 Running CitrixBranchRepeaterVPX-RC-5.6.1.43 Trial from Citrix via the VMWARE Virtual Appliance Marketplace.

ACS Server 192.168.1.50
Citrix Branch Repeater 192.168.1.223

 

Citrix Branch Repeater

This could not be easier. Simpler goto [Security]->[Manage Users]

  • Select the TACACS+ Authentication TAB
  • Click the Checkbox [Enable TACACS+ Authentication]
  • Enter your ACS IP Address [Your ACS IP address]
  • Authntication port : [49] Default
  • Your Shared Secret :[Your Secret Key]
  • Use Encryption : [Checked by Default]

Click [Update]

ACS Sever

On Network Configuration

  • Click [Add Entry]
  • AAA Client Hostname : [A hostname, does not have to match the CBR]
  • AAA IP Address :[The actual IP address of the CBR]
  • Key :[Your Shared Secret]
  • Authenticate Using [TACACS+ (CiscoIOS) – Default
  • Other check boxes are left blank
  • Click [Submit+Restart]

 

If you already have a TACACS user account, try logging into the CBR and you should have read only access, so does anyone with a TACACS account apparently!

 

User Setup

Nothing special, except the user needs to be assigned to a group with EXEC access and level 15 privileges before they can have full admin access to the CBR.

 

Group setup

You need to:

  • Check [Shell (exec)]
  • Check [Privedge Level] and set to [15]
  • Click [submit + restart]

Note: You could also set this up against the individual user.

 

Logout and back into the CBR and now you should have full admin access.

 

Here is a video of how to do this.

CBR and TACACS+

 

Summary

I was not able to find any documentation on how to configure the Citrix Branch Repeater with Cisco’s TACACS+ so I have setup a lab and worked it out for myself. What I would say it that setting up EXEC mode and Priveledge 15 could break the way you currently logon to devices using TACACS+, so be careful.

 

 

 

Comments

Network Break Podcast

Network Break is round table podcast on news, views and industry events. Join Ethan, Drew and myself as we talk about what happened this week in networking. In the time it takes to have a coffee.

Packet Pushers Weekly

A podcast on Data Networking where we talk nerdy about technology, recent events, conduct interviews and more. We look at technology, the industry and our daily work lives every week.

Our motto: Too Much Networking Would Never Be Enough!

Find Me on Social Media