This guide does not cover every AAA configuration option. The following are configurations
that use TACACS+ and RADIUS.
Example 12-3 shows AAA with TACACS+. The first command enables AAA. The second
command configures the router to authenticate logins against the TACACS+ server, falling
back to the local user database if the server does not respond. The following commands
configure parameters for authorization and accounting by using the TACACS+ server. The
tacacs-server commands provide the IP address of the TACACS+ server and the shared key.
The commands under line con 0 apply the NO_AUTHEN and NO_AUTHOR method lists, whose only
method is none, which disables AAA on the console.
Example 12-3 Router Configuration Example for AAA Using TACACS+
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default if-needed group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 15 default group tacacs+
aaa authorization commands 15 NO_AUTHOR none
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting network default start-stop group tacacs+
!
username admin privilege 15 password 7 xxxxxxxxxxxxx
username diallocal access-class 110 password 7 xxxxxxxxxxx
username diallocal autocommand ppp
!
tacacs-server host 172.22.53.204
tacacs-server key ciscorules
!
line con 0
 authorization commands 15 NO_AUTHOR
 authorization exec NO_AUTHOR
 login authentication NO_AUTHEN
 transport input none
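The following Python audit is an added example, not part of the original guide or of any Cisco tool. It resolves which lines apply a method list whose only method is none and flags weakly stored secrets; the helper name audit_aaa, the finding strings and the indented sample input are assumptions made for illustration.

```python
import re

# Constructed sample: the AAA-relevant lines of Example 12-3, with the
# one-space indent IOS prints for commands under "line con 0" (assumed).
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authorization exec NO_AUTHOR none
aaa authorization commands 15 default group tacacs+
aaa authorization commands 15 NO_AUTHOR none
username admin privilege 15 password 7 xxxxxxxxxxxxx
tacacs-server key ciscorules
line con 0
 authorization commands 15 NO_AUTHOR
 authorization exec NO_AUTHOR
 login authentication NO_AUTHEN
"""

AAA_DEF = re.compile(r"aaa (authentication login|authorization (?:exec|commands \d+)) (\S+) (.+)")
LINE_USE = re.compile(r"(login authentication|authorization (?:exec|commands \d+)) (\S+)")

def audit_aaa(config):
    """Hypothetical helper: return sorted (location, finding) pairs."""
    # Pass 1: collect method lists whose only method is "none".
    none_lists = set()
    for text in config.splitlines():
        m = AAA_DEF.match(text.strip())
        if m and m.group(3).split() == ["none"]:
            none_lists.add((m.group(1), m.group(2)))
    # Pass 2: find the lines that apply those lists, plus weakly stored secrets.
    findings, context = set(), "global"
    for raw in config.splitlines():
        text = raw.strip()
        if raw[:1] not in (" ", "\t"):  # unindented text starts a new context
            context = text if text.startswith("line ") else "global"
        m = LINE_USE.match(text)
        if m and context != "global":
            service = "authentication login" if m.group(1).startswith("login") else m.group(1)
            if (service, m.group(2)) in none_lists:
                findings.add((context, f"{service} uses list {m.group(2)} (method none)"))
        if re.match(r"(tacacs|radius)-server key (?![67] )\S", text):
            findings.add(("global", "server key stored in cleartext"))
        if re.match(r"username \S+ .*\bpassword 7 ", text):
            findings.add(("global", "type 7 (reversible) password for " + text.split()[1]))
    return sorted(findings)

if __name__ == "__main__":
    for location, finding in audit_aaa(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```

On the sample it reports the cleartext server key, the type 7 password for admin, and the three none method lists applied to line con 0.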
Example 12-4 shows AAA with RADIUS. The first command enables AAA. The second
command configures the router to use the RADIUS server for authentication. The following
commands configure parameters for authorization and accounting by using the RADIUS server.
The radius-server host command provides the IP address and RADIUS key. The commands
under line con 0 disable AAA on the console.
Example 12-4 Router Configuration Example for AAA Using RADIUS
aaa new-model
aaa authentication login default group radius local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization exec NO_AUTHOR none