def tacacs_cleanup(dut, tacacs_params):
    """Return the DUT's AAA and TACACS+ settings to their defaults.

    The steps run in a fixed order: login authentication back to ``local``,
    the global TACACS+ ``authtype``/``passkey``/``timeout`` back to
    ``default``, the first configured host deleted, and finally failthrough
    back to ``default``.

    Args:
        dut: Device handle passed straight through to the helper calls.
        tacacs_params: TACACS+ service info; only ``hosts[0].ip`` is read.
    """
    # Login goes back to local accounts before the server entry is removed.
    set_aaa_authentication_properties(dut, 'login', 'local')
    for global_property in ('authtype', 'passkey', 'timeout'):
        set_tacacs_properties(dut, 'default', global_property)
    set_tacacs_server(dut, 'delete', tacacs_params.hosts[0].ip)
    # NOTE(review): none of the helper results are checked here, so a reset
    # that does not take effect would go unnoticed by the caller.
    set_aaa_authentication_properties(dut, 'failthrough', 'default')
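def test_mgmt_vrf_tacacs():
    """Check TACACS+ login over SSH with the server configured on the management VRF.

    Flow: enable failthrough, add the first TACACS+ host with
    ``use_mgmt_vrf=True``, verify the server entry, set login authentication
    to ``tacacs+ local``, read the ``eth0`` address and poll an SSH login with
    the ``mgmt_vrf`` TACACS+ credentials.

    Once the DUT's AAA state has been changed, every failure path calls
    ``tacacs_cleanup`` before reporting, the same way the SSH-poll path
    already did. Without that, a failed server verification or a missing
    ``eth0`` address would leave the DUT with failthrough enabled and a
    TACACS+ server still configured for the tests that follow.
    """
    tacacs_params = st.get_service_info(vars.D1, "tacacs")
    server = tacacs_params.hosts[0]

    # Nothing has been changed on the DUT yet if this fails, so no cleanup.
    if not set_aaa_authentication_properties(vars.D1, 'failthrough', 'enable'):
        st.report_fail("authentication failthrough config fail")

    set_tacacs_server(vars.D1, 'add', server.ip, server.tcp_port, server.timeout,
                      server.passkey, server.auth_type, server.priority,
                      use_mgmt_vrf=True)
    if not verify_tacacs_server(vars.D1, server.ip, server.tcp_port, server.timeout,
                                server.passkey, server.auth_type, server.priority):
        # Server entry and failthrough are already on the DUT: undo them first.
        tacacs_cleanup(vars.D1, tacacs_params)
        st.report_fail("Tacacs_server_configs_are_not_successful", server.ip)

    set_aaa_authentication_properties(vars.D1, 'login', 'tacacs+ local')
    ip_addr = get_ifconfig_inet(vars.D1, 'eth0')
    if not ip_addr:
        # Login order is now 'tacacs+ local'; restore it before reporting.
        tacacs_cleanup(vars.D1, tacacs_params)
        st.report_fail('ip_verification_fail')

    if not poll_wait(connect_to_device, 10, ip_addr[0], mgmt_vrf.tacusername,
                     mgmt_vrf.tacpassword, mgmt_vrf.protocol, mgmt_vrf.ssh_port):
        tacacs_cleanup(vars.D1, tacacs_params)
        st.report_fail("mgmt_vrf_tacacs", "failed")

    tacacs_cleanup(vars.D1, tacacs_params)
    st.report_pass("mgmt_vrf_tacacs", "successful")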
def test_ft_tacacs_maximum_servers():
    """
    Author: Karthik Kumar Goud Battula (e-mail address redacted in the source)

    Scenarios listed by the author for this test case:
    Scenario-1: More than one TACACS server can be configured on the NAS, up
        to the maximum number of servers that are allowed.
    Scenario-2: TACACS+ servers with IPv4 and IPv6 addresses can be added at
        the same time.
    Scenario-3: The maximum number of TACACS IPv4 servers can be configured on
        the DUT.
    Scenario-4: The maximum number of TACACS IPv6 servers can be configured on
        the DUT.
    Scenario-5: Save and reload functionality for the TACACS IPv6 feature.

    NOTE(review): no save/reload step is visible in this function, so
    Scenario-5 may be exercised elsewhere; confirm.
    """
    dut = vars.D1
    tacacs_obj.set_aaa_authentication_properties(dut, 'login', 'default')
    tacacs_params = st.get_service_info(dut, "tacacs")

    # Hosts 1..7 are added here; host 0 is not touched by this loop
    # (presumably it is already configured by the module setup; confirm).
    for host_index in range(1, 8):
        server_ip = ensure_service_params(dut, "tacacs", "hosts", host_index, "ip")
        server_priority = ensure_service_params(dut, "tacacs", "hosts", host_index, "priority")
        tacacs_obj.set_tacacs_server(
            dut, 'add', server_ip, data.tcp_port, data.timeout,
            data.passkey, data.auth_type, server_priority)

    # Every host in the service info must show up in the DUT's TACACS details.
    all_servers_present = tacacs_obj.verify_tacacs_details(dut, tacacs_params.hosts)
    if not all_servers_present:
        st.report_fail("Tacacs_server_configs_are_not_successful", tacacs_params.hosts)
    st.report_pass("test_case_passed")
def tacacs_module_hooks(request):
    """Set up and tear down the TACACS+ test module around a single ``yield``.

    Setup fills the shared ``data`` object from the testbed's ``tacacs``
    service parameters plus a set of literal values, sets login
    authentication to ``tacacs+ local`` and adds the first TACACS+ server.
    Teardown restores the TACACS+ defaults, deletes hosts 0..7, resets the
    AAA login and failthrough settings and clears the VLAN configuration.

    ``request`` is not used in the body. Presumably this generator is
    registered as a fixture by a decorator that is not visible here.
    """
    global vars
    vars = st.ensure_min_topology("D1")
    tacacs_params = st.get_service_info(vars.D1, "tacacs")
    st.log("Getting IP address of the device")
    data.clear()
    data.hosts = ensure_service_params(vars.D1, "tacacs", "hosts")

    # (attribute on ``data``, host index, key) -- looked up in this order.
    service_fields = (
        ("tacacs_ser_ip_1", 0, "ip"),
        ("tcp_port", 0, "tcp_port"),
        ("passkey", 0, "passkey"),
        ("priority", 0, "priority"),
        ("timeout", 0, "timeout"),
        ("auth_type", 0, "auth_type"),
        ("tacacs_ser_ip_2", 1, "ip"),
        ("priority_server2", 1, "priority"),
    )
    for attr_name, host_index, key in service_fields:
        setattr(data, attr_name,
                ensure_service_params(vars.D1, "tacacs", "hosts", host_index, key))

    data.time_out = '10'
    # NOTE(review): the credentials below are literals in the test module.
    # The '******' values look masked in this copy of the file, while
    # 'broadcom' and 'test'/'test' are in clear text. The TACACS+ passkey is
    # read from the testbed service parameters instead; sourcing these the
    # same way would keep secrets out of the repository and let each testbed
    # use its own.
    data.username = '******'
    data.password = '******'
    data.protocol = 'ssh'
    data.ssh_port = '22'
    data.login_type = "tacacs+"
    data.failthrough_mode = 'enable'
    data.local_username = '******'
    data.local_password = '******'
    data.local_password2 = 'broadcom'
    data.username1 = 'test'
    data.password1 = 'test'
    data.rw_user = {'username': data.username, 'password': data.password, 'mode': 'rw'}
    data.ro_username = ensure_service_params(vars.D1, "radius", "ro_user", "username")
    # Presumably populates data.ip_address, which the tests read; confirm.
    ensure_device_ipaddress()

    st.log("Configuring authentication login parameter as tacacs+ and local")
    tacacs_obj.set_aaa_authentication_properties(vars.D1, 'login', 'tacacs+ local')
    tacacs_obj.set_tacacs_server(
        vars.D1, 'add', data.tacacs_ser_ip_1, data.tcp_port, data.timeout,
        data.passkey, data.auth_type, data.priority)

    yield

    # Teardown: bring the DUT back to default AAA/TACACS+ state.
    config_default_tacacs_properties(vars.D1)
    st.log("Deleting all TACACS+ servers from the device")
    for host_index in range(8):
        tacacs_obj.set_tacacs_server(vars.D1, 'delete', tacacs_params.hosts[host_index].ip)
    st.log("Making AAA parameters to default")
    for aaa_property in ('login', 'failthrough'):
        tacacs_obj.set_aaa_authentication_properties(vars.D1, aaa_property, 'default')
    clear_vlan_configuration([vars.D1])
def test_ft_tacacs_enable_disable_failthrough():
    """
    Author: Karthik Kumar Goud Battula (e-mail address redacted in the source)

    Scenarios listed by the author for this test case:
    Scenario-1: Failthrough behaviour when the login authentication order is
        changed.
    Scenario-2: Failthrough behaviour when the DUT has multiple servers with
        default priority.

    The test makes six SSH login attempts across three AAA configurations.
    Two of them are negative checks: the login must be refused, and a
    successful connection is reported as a failure.
    """
    dut = vars.D1
    # Message id used for every failure below.
    # NOTE(review): it is also reported on the two negative checks, where the
    # actual problem is a login that succeeded when it should have been
    # refused; a distinct message would make such a result easier to triage.
    fail_msg = "Login_to_DUT_via_SSH_is_failed"
    test_name = "test_ft_tacacs_enable_disable_failthrough"

    tacacs_obj.set_tacacs_server(
        dut, 'add', data.tacacs_ser_ip_2, data.tcp_port, data.timeout,
        data.passkey, data.auth_type, data.priority_server2)

    # Phase 1: the order at this point is expected to be 'tacacs+ local' with failthrough off.
    # Negative check: local credentials must NOT get in.
    st.log(
        "Trying to SSH to the device using local credetails when login method set to TACACS+ and local and fail through mode is not enabled")
    local_login = ssh_obj.connect_to_device(
        data.ip_address, data.local_username, data.local_password,
        data.protocol, data.ssh_port, alt_password=data.local_password2)
    if local_login:
        st.report_fail(fail_msg)

    st.log(
        "Trying to SSH to the device using TACACS+ credetails when login method set to TACACS+ and local and fail through mode is not enabled")
    tacacs_login = ssh_obj.connect_to_device(
        data.ip_address, data.username, data.password, data.protocol)
    if not tacacs_login:
        debug_info(test_name, data.tacacs_ser_ip_1)
        st.report_fail(fail_msg)

    # Phase 2: order flipped to 'local tacacs+', failthrough still off.
    st.log("Setting login authentication to local and tacacs+")
    tacacs_obj.set_aaa_authentication_properties(dut, 'login', 'local tacacs+')

    st.log(
        "Trying to SSH to the device using local credetails when login method set to local and TACACS+ and fail through mode is not enabled")
    local_login = ssh_obj.connect_to_device(
        data.ip_address, data.local_username, data.local_password,
        alt_password=data.local_password2)
    if not local_login:
        st.report_fail(fail_msg)

    # Negative check: TACACS+ credentials must NOT get in.
    st.log(
        "Trying to SSH to the device using TACACS+ credetails when login method set to local and TACACS+ and fail through mode is not enabled")
    tacacs_login = ssh_obj.connect_to_device(
        data.ip_address, data.username, data.password, data.protocol, data.ssh_port)
    if tacacs_login:
        st.report_fail(fail_msg)

    # Phase 3: back to 'tacacs+ local' with failthrough enabled; both
    # credential sets are expected to be accepted.
    st.log("Configuring AAA login to tacacs+ and local and enabling failthrough mode")
    tacacs_obj.set_aaa_authentication_properties(dut, 'login', 'tacacs+ local')
    tacacs_obj.set_aaa_authentication_properties(dut, 'failthrough', 'enable')

    st.log(
        "Trying to SSH to the device using local credetails when login method set to TACACS+ and local and fail through mode is enabled")
    local_login = ssh_obj.connect_to_device(
        data.ip_address, data.local_username, data.local_password,
        alt_password=data.local_password2)
    if not local_login:
        st.report_fail(fail_msg)

    st.log(
        "Trying to SSH to the device using TACACS+ credetails when login method set to TACACS+ and local and fail through mode is enabled")
    tacacs_login = ssh_obj.connect_to_device(
        data.ip_address, data.username, data.password, data.protocol, data.ssh_port)
    if not tacacs_login:
        debug_info(test_name, data.tacacs_ser_ip_1)
        st.report_fail(fail_msg)

    st.report_pass("test_case_passed")