I want to introduce you to a GUI for the tacacs daemon (link at the end of the post). For better or worse, I am the developer of this project, which took about three months. The project is focused on Cisco devices and has not been tested on devices from other manufacturers (although, according to man tacacs, other vendors are supported, for example Juniper).
Let's see what this "interface" (hereafter TacacsGUI) can do:
- It creates the configuration for the tacacs daemon; this is the main reason the project exists. TacacsGUI does not just write out a configuration, it simplifies setting up tacacs: automatic password encryption (unfortunately, tac_pwd can only produce DES hashes), access rules for a group of users, a preview, and a mini-debug for the case of errors in the configuration. At the moment there is no support for LDAP, groups and some other useful things.
- TacacsGUI also comes with a few useful utilities; all of them work with the device database that is used to create the tacacs configuration file. Each utility logs in with its own user account with specific access rights; these users are disabled by default. Let's start with the first utility, Backup Maker. The name gives away what it is for. Note that it works exclusively with Cisco devices (as do all the other utilities). Backup Maker backs up at a pre-configured frequency: the device executes the
copy startup-config tftp:
command, and it is possible to save the running configuration first. Unfortunately, for now, the TacacsGUI server itself has to act as the TFTP server; it collects all backups into a convenient (IMHO) database. All backups can also be merged automatically, but that is covered in a separate paragraph (the penultimate item).
- Subnet Searcher is another utility; it helps determine the subnets configured on devices, and it can also guess the VLAN number for a subnet. A little more about how it works. Subnet Searcher logs in to the device and executes
show runn | in (rface|dress|encap)
and, from the IP address and subnet mask information (secondary IP addresses are taken into account too), calculates the subnet; if the interface is named Vlan or there is an encapsulation line, the VLAN is determined as well. The result is a database of the known subnets on the network, plus the VLAN number (if one was found), plus a list of participants for each subnet.
- CDP MapMaker is a utility that builds the network topology from information obtained via CDP. It uses the same JavaScript library (jsPlumb) as UNetLab (a very cool emulator), so there are some similarities. The utility is really split into two "engines": CDP Search and MapMaker. CDP Search collects information from all devices and creates a temporary database that MapMaker then uses. Besides building the topology automatically, you can add network elements and links manually. There is also an export, but only to an XML file, which can be opened with the draw.io service.
- Users can be created to manage TacacsGUI, so far without restricting access rights. User actions and unauthorized access attempts are logged. It is also possible to back up all settings, the tacacs configuration file and all backups made with Backup Maker, with a choice of where (FTP, SCP, Windows share) and when to back up.
- Naturally, the information stored on this server must travel between the user and the server over HTTPS. Configuring HTTPS is very simple, using the script provided on the site. If you also want the HTTPS indicator to light up "green", you need to create a DNS entry for your server, tacacs.gui, and install the root certificate; details are on the site. Bear in mind that a root certificate installed in a browser or OS trust store is trusted for any site it signs, so keep that CA's private key off the TacacsGUI host, or issue the server certificate from an internal CA you already operate.
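To make concrete what "creating a configuration for the tacacs daemon" involves, here is an added example of a small generator in Python. It is not TacacsGUI's code. It assumes the Shrubbery tac_plus configuration syntax (key, group, user, member, login = des, service = exec with priv-lvl, cmd blocks with permit/deny); the group names, user names and DES hashes below are constructed. The security-relevant part is the validation: names and patterns that arrive from a web form must not be able to close one stanza and open another, and a hash field must actually contain a hash, not a password that was pasted by mistake.

```python
"""Added example: render a Shrubbery tac_plus configuration from a small model.

Not TacacsGUI's code. The file grammar (key, group, user, member,
login = des "...", service = exec { priv-lvl }, cmd = X { permit/deny })
is the tac_plus one as the author of this example knows it; the groups,
users and hashes below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Names end up unquoted in the file, so only a conservative alphabet is allowed.
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
# tac_pwd prints a traditional 13-character crypt(3) DES hash.
DES_HASH_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


@dataclass
class Group:
    name: str
    priv_lvl: int                                    # level given by "service = exec"
    commands: Dict[str, List[Tuple[str, str]]] = field(default_factory=dict)
    default_permit: bool = False                     # emits "default service = permit"


@dataclass
class User:
    name: str
    group: str
    des_hash: str


def _name(value: str) -> str:
    """Reject anything that could break out of a stanza, e.g. 'bob }\\nuser = x {'."""
    if not NAME_RE.match(value):
        raise ValueError(f"illegal name: {value!r}")
    return value


def _quoted(value: str) -> str:
    """Quote a value for tac_plus; refuse characters that would end the string."""
    if any(c in value for c in '"\\\n\r'):
        raise ValueError(f"illegal characters in value: {value!r}")
    return f'"{value}"'


def render_group(g: Group) -> str:
    lines = [f"group = {_name(g.name)} {{"]
    if g.default_permit:
        lines.append("    default service = permit")
    lines += ["    service = exec {", f"        priv-lvl = {int(g.priv_lvl)}", "    }"]
    for cmd, rules in g.commands.items():
        lines.append(f"    cmd = {_name(cmd)} {{")
        for verb, pattern in rules:
            if verb not in ("permit", "deny"):
                raise ValueError(f"bad verb {verb!r} in group {g.name}")
            re.compile(pattern)     # catch a malformed regex before the daemon does
            lines.append(f"        {verb} {_quoted(pattern)}")
        lines.append("    }")
    lines.append("}")
    return "\n".join(lines)


def render_user(u: User, groups: Dict[str, Group]) -> str:
    if u.group not in groups:
        raise ValueError(f"user {u.name!r} refers to unknown group {u.group!r}")
    if not DES_HASH_RE.match(u.des_hash):
        raise ValueError(f"user {u.name!r}: expected a 13-character DES crypt hash")
    return "\n".join([
        f"user = {_name(u.name)} {{",
        f"    member = {_name(u.group)}",
        f"    login = des {_quoted(u.des_hash)}",
        "}",
    ])


def render_config(key: str, groups: List[Group], users: List[User]) -> str:
    by_name = {g.name: g for g in groups}
    if len(by_name) != len(groups):
        raise ValueError("duplicate group name")
    parts = [f"key = {_quoted(key)}"]
    parts += [render_group(g) for g in groups]
    parts += [render_user(u, by_name) for u in users]
    return "\n\n".join(parts) + "\n"


def rejects(fn: Callable, *args) -> bool:
    """True if fn(*args) is refused with ValueError (shows the validation at work)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed sample data; the hashes are made-up strings, not real passwords.
SAMPLE_GROUPS = [
    Group("netadmin", priv_lvl=15, default_permit=True),
    Group("netops", priv_lvl=1, commands={
        "show": [("permit", ".*")],
        "configure": [("deny", ".*")],
    }),
]
SAMPLE_USERS = [
    User("alice", "netadmin", "KbYq8kpNC2ZnI"),
    User("bob", "netops", "HJ4ftXp0PbBUc"),
]

if __name__ == "__main__":
    print(render_config("s3cret-shared-key", SAMPLE_GROUPS, SAMPLE_USERS))
```

The hash check is what lets a GUI refuse a plaintext password in the hash field; the name and quoting checks are what stop a crafted user name from adding a stanza of its own to the daemon's configuration.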
At the moment the system has been tested in a lab built with UNetLab, and it has also been deployed in one enterprise. The project is still "thin"; there are things to finish, redo and improve, but it works. We also plan to make Path Searcher, a utility that, based on the information obtained by CDP MapMaker and Subnet Searcher, will draw the route between two nodes on the network. This will not be a simple traceroute, since the diagram will include switches and other devices that the user can add manually. In addition, we plan to write an "engine" that analyzes ACLs, so that the diagram in Path Searcher will show which rule passed or blocked the packet. But so far this is only planned.
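Path Searcher will lean on the subnet database that Subnet Searcher builds. As an added illustration (not the project's own code), the following Python parses the output of show runn | in (rface|dress|encap) from several devices and builds such a database: the network, the VLAN guessed from an SVI name or an encapsulation line, and the list of participants. The device names and configuration lines are constructed; lines such as no ip address, ip address dhcp and an IPv6 address, which the same filter also lets through, are deliberately included to show that the parser has to skip them.

```python
"""Added example: what a Subnet Searcher pass over several devices yields.

Not TacacsGUI's code. It parses the lines that
    show runn | in (rface|dress|encap)
leaves behind, works out each subnet with the ipaddress module, guesses
the VLAN from an SVI name (VlanN) or an "encapsulation dot1Q N" line,
and merges everything into one database keyed by network.
Device names and configuration text below are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*$")
# IPv4 address/mask lines only; "no ip address", "ip address dhcp" and
# "ipv6 address ..." do not match.
ADDR_RE = re.compile(
    r"^\s*ip address\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)(\s+secondary)?\s*$")
ENCAP_RE = re.compile(r"^\s*encapsulation dot1[Qq]\s+(\d+)")
SVI_RE = re.compile(r"^Vlan(\d+)$", re.IGNORECASE)


@dataclass
class SubnetRecord:
    device: str
    interface: str
    address: str        # the device's own address on this subnet
    network: str        # e.g. "10.1.20.0/24"
    vlan: Optional[int]
    secondary: bool


def parse_subnets(device: str, text: str) -> List[SubnetRecord]:
    records: List[SubnetRecord] = []
    iface: Optional[str] = None
    vlan: Optional[int] = None
    pending: List[Tuple[str, str, bool]] = []   # (address, network, secondary)

    def flush() -> None:
        # Emitted only at the next "interface" line or at the end, so an
        # encapsulation line that follows the ip address line still sets the VLAN.
        for addr, net, secondary in pending:
            records.append(SubnetRecord(device, iface, addr, net, vlan, secondary))
        pending.clear()

    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            flush()
            iface = m.group(1)
            svi = SVI_RE.match(iface)
            vlan = int(svi.group(1)) if svi else None
            continue
        m = ENCAP_RE.match(line)
        if m and iface is not None:
            vlan = int(m.group(1))
            continue
        m = ADDR_RE.match(line)
        if m and iface is not None:
            try:
                # ip_interface accepts "addr/mask" and rejects a bad octet or
                # a non-contiguous mask, so garbage never reaches the database.
                net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            except ValueError:
                continue
            pending.append((m.group(1), str(net), bool(m.group(3))))
    flush()
    return records


def subnet_database(outputs: Dict[str, str]) -> Dict[str, dict]:
    """Merge per-device records into network -> {vlans seen, members}."""
    db: Dict[str, dict] = {}
    for device, text in outputs.items():
        for r in parse_subnets(device, text):
            entry = db.setdefault(r.network, {"vlans": set(), "members": []})
            if r.vlan is not None:
                entry["vlans"].add(r.vlan)      # more than one value means devices disagree
            entry["members"].append((r.device, r.interface, r.address))
    return db


# Constructed sample output of the filtered "show run" from two devices.
SW1 = """\
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip address 10.1.110.1 255.255.255.128 secondary
interface GigabitEthernet0/1
 no ip address
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.1.20.2 255.255.255.0
interface Loopback0
 ip address 192.168.0.1 255.255.255.255
 ipv6 address 2001:db8::1/64
"""
R1 = """\
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.1.20.1 255.255.255.0
interface GigabitEthernet0/1
 ip address dhcp
"""
SAMPLE_OUTPUTS = {"SW1": SW1, "R1": R1}

if __name__ == "__main__":
    for net, entry in subnet_database(SAMPLE_OUTPUTS).items():
        print(net, sorted(entry["vlans"]), entry["members"])
```

Keeping the VLANs as a set rather than a single number is deliberate: if two devices report different VLAN IDs for the same subnet, that is a misconfiguration worth surfacing, not something the tool should silently overwrite.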
If you have become a happy user and found a bug or a typo (my English is not perfect), use the contact information on the website; please note that I understand English and Russian, but my Russian is somewhat better.
The project site can be found here -> www.tacacsgui.com . All the best!
05/23/2016 - grammar mistakes fixed.