aaa new-model
This command changes the router model with aaa new model. If aaa server is installed it will use aaa server for authentication, else it will use local database.
If there is no local database, it will use enable passwords
This command changes the router model with aaa new model. If aaa server is installed it will use aaa server for authentication, else it will use local database.
If there is no local database, it will use enable passwords
How do you configure AAA in the Cisco IOS?
Here are the steps to configuring AAA:
- Enable AAA
- Configure authentication, using RADIUS or TACACS+
- Define the method lists for authentication
- Apply the method lists per line/ per interface
It is important to note that Cisco IOS software attempts authentication with the next-listed authentication method only when there is no response from the previous method. If the security server or user database responds by denying the user access, the authentication process and the user will get a denied user prompt. To configure AAA, use the following statement in global configuration mode:
Router(config)# aaa new-model
From this point, most admins start configuring AAA by setting up authentication.
Here is one example of how to configure login authentication using the enable password.
Router(config)# aaa authentication login default enable
In this you want to apply a method list only to a line console. You would create a method list and then apply it .
Router(config)# aaa authentication login default group tacacs+ local
Router(config)# aaa authentication login CON none
Router(config)# line console 0
Router (config-if)# login authentication CON
No comments:
Post a Comment