
ITman

http://www.itman1024.com

AAA

Administration Control
cisco secure acs HTML interface interface configuration
shell exec

Network configuration AAA client IP Key

User Setup shellexec Privilege Level

1 enable AAA
Router(config)#aaa new-model

2 Configuring TACACS+ and RADIUS clients


TACACS
Router(config)#tacacs-server host ip-address
Router(config)#tacacs-server key word
RADIUS
Router(config)#radius-server host ip-address
Router(config)#radius-server key word

3 Configuring AAA authentication


Router(config)#aaa authentication type {default|list-name} method1 [[method4]]
type login, enable, ppp, local-override, arap, nasi, password-prompt, username-prompt
login EXEC

enable
ppp PPP

local-override

List type default list


method1 [[method4]]

type Method
Method

enable

krb5

Kerberos 5

line

local

none

group radius

RADIUS

group tacacs+

TACACS

krb5-telnet

Telnet Kerberos 5 Telnet

if-needed

enable

TTY enable type

4 Configuring AAA authorization


Router(config)#aaa authorization type {default|list-name} method1 [[method2]]
type
network

SLIP, PPP, ARAP

Exec

EXEC

commands level

0 15 EXEC

config-commands

reverse-access

Telnet

Method
if-authenticated

local

none

group radius

RADIUS

group tacacs+

TACACS+

krb5-instance

kerberos instance map

List type authentication default list

5 Configuring AAA accounting


Router(config)#aaa accounting type {default|list-name} Record-type method1 [[method2]]
type
commands level

0 15

Connection

Telnet rlogin

Exec

EXEC

Network

SLIP, PPP, ARAP

System

Recordtype

Stop-only

wait-start

start-stop

Method group tacacs+ group radius

List type authentication default list

Start-stop

(RADIUS authentication
authorization

Building configuration...

Current configuration : 4102 bytes


!
version 12.2
aaa new-model
!
!
aaa authentication login TELNET group tacacs+ local enable none
aaa authorization exec TELNET group tacacs+ local
aaa accounting exec TELNET start-stop group tacacs+
aaa accounting commands 15 TELNET start-stop group tacacs+
aaa accounting network TELNET start-stop group tacacs+
aaa accounting connection TELNET start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
enable password 7 070C285F4D060D00161F
!
tacacs-server host 10.2.0.1
tacacs-server key ciscoteam
privilege configure level 7 snmp-server host
privilege configure level 7 snmp-server enable
privilege configure level 7 snmp-server

privilege exec level 7 ping


privilege exec level 7 configure terminal
privilege exec level 7 configure
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0

line vty 0 4
insecure
authorization exec TELNET
accounting connection TELNET
accounting commands 15 TELNET
accounting exec TELNET
logging synchronous
login authentication TELNET
transport input telnet
!
no scheduler allocate
end
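
An added example, not part of the original page: a short Python check that scans a running-config like the one above for AAA and line settings worth reviewing before deployment. The `audit` function, the `CHECKS` table and the sample excerpt are constructed for illustration; the excerpt reuses lines from the configuration shown above.

```python
import re

# Constructed sample: lines excerpted from the running-config on this page.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login TELNET group tacacs+ local enable none
aaa authorization exec TELNET group tacacs+ local
enable password 7 070C285F4D060D00161F
tacacs-server host 10.2.0.1
tacacs-server key ciscoteam
line con 0
exec-timeout 0 0
line vty 0 4
login authentication TELNET
transport input telnet
"""

# (regex anchored at line start, applies inside a "line" section?, finding)
CHECKS = [
    (r"aaa authentication \S+ \S+ .*\bnone$", False,
     "method list ends in 'none': login succeeds unauthenticated if every earlier method errors"),
    (r"enable password\b", False,
     "enable password is type 7 (reversible) or clear text; prefer 'enable secret'"),
    (r"(tacacs|radius)-server key (?!7 )\S+", False,
     "AAA shared key is stored in clear text"),
    (r"transport input .*\btelnet\b", True,
     "Telnet allowed: credentials cross the network unencrypted"),
    (r"exec-timeout 0 0$", True,
     "idle session timeout is disabled"),
]

def audit(config):
    """Return [(line_no, context, finding)] for weak AAA/line settings."""
    findings, section = [], "global"
    for line_no, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("line "):
            section = line  # remember which con/aux/vty block we are in
        for pattern, line_scoped, finding in CHECKS:
            if re.match(pattern, line):
                context = section if line_scoped else "global"
                findings.append((line_no, context, finding))
    return findings

if __name__ == "__main__":
    for line_no, context, finding in audit(SAMPLE_CONFIG):
        print(f"config line {line_no} [{context}]: {finding}")
```
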
