Tacacs daemon GUI - TacacsGUI

I want to introduce you to a graphical interface for the tacacs daemon (link at the end of the post). Fortunately or unfortunately, I am the developer of this project, which took about 3 months. The project is focused on Cisco devices and has not been tested on devices from other manufacturers (although, according to man tacacs, other manufacturers are supported, for example Juniper).


Let's see what this “interface” (hereafter TacacsGUI) can do:

  • It can create the configuration for the tacacs daemon; this is the main goal of the project. TacacsGUI doesn’t just create a configuration, it simplifies configuring tacacs: automatic password encryption (unfortunately, tac_pwd can only do DES), access rules for a group of users, and a preview with mini-debug in case of configuration errors. At the moment there is no support for LDAP, groups, and some other useful features.


  • TacacsGUI also comes with some useful utilities, all of which work with the device database that is used to create the tacacs configuration file. Each utility has its own user with specific access rights; by default these users are disabled. The first utility is Backup Maker, and the name tells you what it is for. Note that it works exclusively with Cisco devices (like all the other utilities). Backup Maker makes backups at a pre-configured frequency by executing the command copy startup-config tftp: on the device, and it is possible to save the configuration before the backup. Unfortunately, for now the TacacsGUI server itself must act as the TFTP server, which collects all backups into a convenient database (IMHO). It is possible to automatically merge all backups, but more on that in a separate paragraph (the penultimate paragraph).


  • Subnet Searcher is another utility; it identifies the subnets configured on devices and can guess the VLAN number for each subnet. In more detail: Subnet Searcher logs in to the device and executes the command show runn | in (rface|dress|encap). From the IP address and subnet mask (secondary IPs are also taken into account) it calculates the subnet number; if the interface is named Vlan or there is an encapsulation line, the VLAN is determined as well. The result is a database of known subnets on the network, plus the VLAN number (if one was detected), plus a list of participants for each subnet.


  • CDP MapMaker is a utility that builds a network topology from the information received via CDP. It uses the same JavaScript library (jsPlumb) as UNetLab (a very cool emulator), so there are some similarities. The utility is in fact split into two “engines”: CDP Search and MapMaker. CDP Search collects information from all devices and creates a temporary database, which MapMaker then uses. In addition to creating the topology automatically, you can manually add network elements and establish links. There is also an export, but only to an XML file, which can be opened with the draw.io service.


  • It is possible to create users to manage TacacsGUI, so far without restricting their access rights. User actions and unauthorized access attempts are logged. It is also possible to back up all settings, the tacacs configuration file and all backups made with Backup Maker, with a choice of where (FTP, SCP, Win Share) and when to dump the backup.


  • Naturally, the information stored on this server must be transmitted between the user and the server over https. Configuring https is very simple using the script provided on the site. Also, if you want https to show “green”, you need to create a DNS record for your server, tacacs.gui, and install the root certificate; more on the site.
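The Subnet Searcher step described above (turning the filtered show runn output into subnets, VLAN numbers and participants) can be sketched as follows. This is an added example, not TacacsGUI's own code: the function name find_subnets, the device names and the sample output are constructed for illustration, and it assumes IOS prints the encapsulation line before the address lines of a subinterface.

```python
import ipaddress
import re

# Constructed sample output of `show runn | in (rface|dress|encap)` per device.
# The loose filter also lets through lines that are not interface addresses.
SAMPLE = {
    "sw1": """\
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip address 10.0.11.1 255.255.255.0 secondary
 ip helper-address 10.0.0.5
interface GigabitEthernet0/2
 no ip address
ip tftp source-interface Loopback0
""",
    "r1": """\
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.0.10.2 255.255.255.0
""",
}

IFACE = re.compile(r"^interface (\S+)")
SVI = re.compile(r"^Vlan(\d+)$", re.I)
ENCAP = re.compile(r"^ encapsulation dot1q (\d+)", re.I)
ADDR = re.compile(r"^ ip address (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})(?: secondary)?\s*$")

def find_subnets(outputs):
    """Map subnet -> {"vlan": number or None, "members": [(device, iface, ip)]}."""
    subnets = {}
    for device, text in outputs.items():
        iface = vlan = None
        for line in text.splitlines():
            if not line.startswith(" "):          # top-level line: new context
                m = IFACE.match(line)
                iface = m.group(1) if m else None
                svi = SVI.match(iface or "")      # "interface Vlan10" names the VLAN
                vlan = int(svi.group(1)) if svi else None
            elif iface and (m := ENCAP.match(line)):
                vlan = int(m.group(1))            # subinterface 802.1Q tag
            elif iface and (m := ADDR.match(line)):
                net = str(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
                entry = subnets.setdefault(net, {"vlan": None, "members": []})
                entry["vlan"] = entry["vlan"] or vlan
                entry["members"].append((device, iface, m[1]))
    return subnets
```

Because the include filter also matches lines such as ip helper-address and no ip address, the address pattern is anchored on the exact ip address syntax rather than on any line containing an IP.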

So far the system has been tested in a laboratory built with UNetLab and has also been deployed at one enterprise. The project remains "liquid": there are things to complete, redo and improve, but it works. There are also plans for a Path Searcher utility that, based on the information from CDP MapMaker and Subnet Searcher, will draw the route between two nodes on the network. This will not be just a trace, because the diagram will contain switches and other devices that the user can add manually. In addition, it is planned to write an “engine” that will analyze the ACLs along the path in the Path Searcher diagram. It will show which rule passed or blocked the packet. But so far this is only in the plans.

If you have become a happy user and have found a bug or a small mistake (my English is not perfect), you can use the contact information on the site. Keep in mind that I understand English and Russian, but Russian is slightly better.

The project website can be found here -> www.tacacsgui.com. All the best to everyone!

05/23/2016 - grammar errors fixed.
