Decrypt TACACS+ packets using Wireshark |explained Packet header | AAA Request Response body STATUS HD

This video demonstrates how to decrypt TACACS+ packet using wireshark. Checks Authentication Flows ------------------------- The Authentication START Packet Body The Authentication REPLY Packet Body The Authentication CONTINUE Packet Body Description of Authentication Process Aborting an Authentication Session Authorization The Authorization REQUEST Packet Body The Authorization RESPONSE Packet Body Accounting The Account REQUEST Packet Body The Accounting REPLY Packet Body https://www.youtube.com/playlist?list=PLOocymQm7YWZNJ_U_tI2b4LKM5FEm9nEL The above video series demonstrates how to install and configure TACACS+ Server from the beginning , for Authentication ,Authorization and Accounting with Cisco IOS Devices. First video convers how to add TACACS clinet in the server, configure shared secret for encrypting the traffic, add users and user groups in tacacs Server Configure enable password in TACACS+, test enabe passwords in local device config and local password configured in TACACS server Second video covers authorization of TACACS server Create users with different privilege levels 0 1 and 15, check the default command permissions of the users. Configure persission for the command set and test the user privilege with commands Third video covers accounting part. Cerify the TACACS log using "tail -f". Check the real time logs by executing the commands with different privilege levels.Checks the authorization debug output in the console for different user levels. Below are the configurations in Cisco IOS and TACACS+ Server sudo apt-get install tacacs+ sudo service tacacs_plus stop sudo vi /etc/tacacs+/tac_plus.conf netstat -na | grep -i LISTEN Step 01 ----------------- key = cisco host = 10.10.10.10 { prompt = "Welcome to R1 Username:" } ##################################################### user = t1 { member = NETADMIN enable = cleartext t1 login = cleartext t1 } group = NETADMIN { default service = permit service = exec { priv-lvl = 15 } } ###################################################### aaa new-model tacacs-server host 10.10.10.10 tacacs-server key cisco ------------------------------------------------ Logging console debug aaa authorization ############################################ Only authentication : no enable , no authorization, no accounting --------------------------------- aaa authentication login default group tacacs+ local aaa authentication enable default none ############################################ Authentication + enable (local) ------------------------------------ aaa authentication login default group tacacs+ local Enable secret password ############################################ Authentication + enable (tacacs) ------------------------------------- aaa authentication login default group tacacs+ local aaa authentication enable default group tacacs+ ################################################### Authentication+ authorization with Priv-lvl 0 1 and