Terms:

RADIUS: Remote Authentication Dial-In User Service

TACACS: Terminal Access Controller Access Control System (the configuration below uses TACACS+)
Commands:
enable
configure terminal
! Create a local admin for safety
! Note: for all production passwords
! follow best practices for length
! and complexity
username admin privilege 15 secret cisco
username bob privilege 1 secret cisco
! Configure the privilege 15 secret
enable secret cisco
! Enable AAA
aaa new-model
! Specify where the AAA server is,
! and which protocol to use (TACACS+ in this case)
! (newer IOS releases replace tacacs-server host
! with "tacacs server <name>" plus an address line)
tacacs-server host 192.168.1.252
! Specify the key to use for encryption
! between the client (this router) and the AAA
! TACACS+ server
tacacs-server key cisco123
! Create a default method list and specify that
! we want to try one of the AAA servers as our
! first method in the list, and then if that times
! out, we want to use the local database, and if the
! user isn't in the local database, require the
! enable secret for access (the "enable" keyword at
! the end of the list is what provides that last fallback)
aaa authentication login default group tacacs+ local enable
! Create a custom method list that, if used,
! will require no authentication at all
! (just in the lab)
aaa authentication login FREE-BIRD none
! Let's apply the FREE-BIRD method list to the
! console (to make it easy on me ;)
line console 0
login authentication FREE-BIRD
! (This method list applies only
! to console 0). The default will apply
! to the other lines, such as VTY and AUX.
exit
! Let's set up a couple of authorization method lists.
! We will use custom lists (not a default one)
! because we don't want this to apply everywhere
! (just on our VTY lines for this demo)
aaa authorization commands 1 TAC1 group tacacs+ local
aaa authorization commands 15 TAC15 group tacacs+ local
! This next command is required for the IOS
! to check for authorization for commands
! issued within configuration mode
aaa authorization config-commands
! Let's create some accounting method lists as well
aaa accounting commands 1 TAC-act1 start-stop group tacacs+
aaa accounting commands 15 TAC-act15 start-stop group tacacs+
! Let's apply the authorization and accounting custom
! method lists just to the VTY lines
! Note: the default login authentication method list
! already applies to these VTY lines
line vty 0 4
authorization commands 1 TAC1
authorization commands 15 TAC15
accounting commands 1 TAC-act1
accounting commands 15 TAC-act15
end
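The method lists above are only as strong as the weakest list that is actually applied to a line. As an added example (not part of the original notes and not a Cisco tool), here is a small audit that reads an IOS-style config and flags the risky patterns discussed above: a lab-only "none" list applied to a line, a missing "aaa new-model", a reversible "enable password", and an explicitly disabled config-command authorization. The sample config and the audit function (audit_aaa) are constructed for this example.

```python
import re

# Constructed sample modelled on the config above; not a captured running-config.
SAMPLE_CONFIG = """\
aaa new-model
enable password cisco
aaa authentication login default group tacacs+ local enable
aaa authentication login FREE-BIRD none
aaa authorization commands 15 TAC15 group tacacs+ local
line console 0
 login authentication FREE-BIRD
line vty 0 4
 authorization commands 15 TAC15
"""

def audit_aaa(config: str) -> list[str]:
    """Return one finding per AAA weakness in an IOS-style config text."""
    # Drop blank lines and '!' comments; keep indentation so line sections stay visible.
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip() and not ln.lstrip().startswith("!")]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing, so no method list takes effect")
    if any(ln.startswith("enable password ") for ln in lines):
        findings.append("enable password stores a reversible password; use enable secret")
    # Collect login method lists: name -> ordered list of methods.
    login_lists = {}
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", ln)
        if m:
            login_lists[m.group(1)] = m.group(2).split()
    if "none" in login_lists.get("default", []):
        findings.append("default login list contains 'none': every line without its own list is open")
    # Walk 'line ...' sections and check which login list each one applies.
    section = None
    for ln in lines:
        if ln.startswith("line "):
            section = ln
        elif section and ln.strip().startswith("login authentication "):
            name = ln.split()[-1]
            if name not in login_lists:
                findings.append(f"{section} references undefined login list {name}")
            elif "none" in login_lists[name]:
                findings.append(f"{section} applies list {name}, which requires no authentication")
    # Explicitly disabling config-command authorization leaves configure mode unchecked.
    if "no aaa authorization config-commands" in lines:
        findings.append("config-command authorization is disabled; configure-mode commands go unchecked")
    return findings

print(*audit_aaa(SAMPLE_CONFIG), sep="\n")
```

Run it against the output of "show running-config" to see which lines are still protected only by a lab method list.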

Simple test:
! Minimal check of AAA login using only the enable secret as the method
enable
conf t
enable secret cisco
aaa new-model
aaa authentication login default enable
! Watch the authentication exchange, then open a Telnet session
! (10.1.0.1 is assumed to be an address on this same router, so
! the inbound VTY login shows up in the debug output)
do debug aaa authentication
do telnet 10.1.0.1