
EtherealMind


Citrix Branch Repeater Authentication with Cisco TACACS+

4th March 2011 By John McManus Filed Under: Blog, Operation

I have been looking about for documentation on how to configure TACACS authentication with a Citrix Branch Repeater; however, so far I have only been able to find documentation for NetScaler. So I have set up a lab and decided to write the documentation myself.

For those who cannot be bothered to read this post there is a video link at the bottom of this post with a walkthrough.

 

My LAB

VMware Server running Windows Server Standard 2003 SP2 + trial version of ACS3.2 from Cisco

ESX Server 4.1 running CitrixBranchRepeaterVPX-RC-5.6.1.43 trial from Citrix via the VMware Virtual Appliance Marketplace.

ACS Server 192.168.1.50
Citrix Branch Repeater 192.168.1.223

 

Citrix Branch Repeater

This could not be easier. Simply go to [Security]->[Manage Users]

  • Select the TACACS+ Authentication TAB
  • Click the Checkbox [Enable TACACS+ Authentication]
  • Enter your ACS IP Address [Your ACS IP address]
  • Authentication port : [49] Default
  • Your Shared Secret : [Your Secret Key]
  • Use Encryption : [Checked by Default]

Click [Update]

ACS Server

On Network Configuration

  • Click [Add Entry]
  • AAA Client Hostname : [A hostname, does not have to match the CBR]
  • AAA IP Address : [The actual IP address of the CBR]
  • Key : [Your Shared Secret]
  • Authenticate Using : [TACACS+ (CiscoIOS)] – Default
  • Other check boxes are left blank
  • Click [Submit+Restart]
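
What the shared secret and [Use Encryption] settings do on the wire, as an added example that is not from the original post: TACACS+ (RFC 8907) XORs each packet body with an MD5-derived pad keyed by the shared secret, so the CBR and the ACS must hold the identical key or the receiver cannot read the body. The key, session ID and body bytes below are constructed lab values, and the body is a placeholder rather than a real authentication message.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # set when "Use Encryption" is off
TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
VERSION = 0xC0                    # major version 0xC, minor 0


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n includes MD5_n-1
        pad += block
    return pad[:length]


def build_packet(body, key, session_id, seq_no=1, encrypt=True):
    """12-byte header followed by the (optionally obfuscated) body."""
    flags = 0 if encrypt else TAC_PLUS_UNENCRYPTED_FLAG
    header = struct.pack("!BBBBII", VERSION, TAC_PLUS_AUTHEN, seq_no, flags,
                         session_id, len(body))
    if encrypt:
        pad = pseudo_pad(session_id, key, VERSION, seq_no, len(body))
        body = bytes(a ^ b for a, b in zip(body, pad))
    return header + body


def read_body(packet, key):
    """What the receiving side recovers using its own copy of the key."""
    version, _type, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body  # sent in the clear, key not involved
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(a ^ b for a, b in zip(body, pad))


if __name__ == "__main__":
    # Constructed sample values; not a real TACACS+ authentication body.
    body = b"user=labadmin;port=web"
    pkt = build_packet(body, b"LabSecret1", session_id=0x1A2B3C4D)
    print(read_body(pkt, b"LabSecret1"))   # keys match: body recovered
    print(read_body(pkt, b"labsecret1"))   # keys differ: unreadable bytes
```

Because this protection is a keyed MD5 XOR with no integrity check, RFC 8907 describes it as obfuscation rather than encryption. Use a long random shared secret and keep the CBR-to-ACS traffic on a trusted management network.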

 

If you already have a TACACS user account, try logging into the CBR and you should have read-only access. Apparently, so does anyone else with a TACACS account!

 

User Setup

Nothing special, except the user needs to be assigned to a group with EXEC access and level 15 privileges before they can have full admin access to the CBR.

 

Group setup

You need to:

  • Check [Shell (exec)]
  • Check [Privilege Level] and set to [15]
  • Click [submit + restart]

Note: You could also set this up against the individual user.

 

Log out and back into the CBR, and you should now have full admin access.

 

Here is a video of how to do this.

CBR and TACACS+

 

Summary

I was not able to find any documentation on how to configure the Citrix Branch Repeater with Cisco’s TACACS+, so I have set up a lab and worked it out for myself. What I would say is that setting up EXEC mode and Privilege 15 could break the way you currently log on to devices using TACACS+, so be careful.

 

 

 

Comments

  1. Brannen says

    4th March 2011 at 18:51 +0000

    Kudos. I haven’t been very impressed with Citrix docs – for Wanscaler and Netscaler.


Copyright Greg Ferro 2008-2019 - Thanks for reading my site, it's been good to have you here.
