Authentication, Authorization, and Accounting “AAA”

Step 1
Command: Router(config)# aaa new-model
Purpose: Enables AAA globally.

Step 2
Command: Router(config)# aaa authentication login {default | list-name} method1 [method2…]
Purpose: Creates a local authentication list.

Step 3
Command: Router(config)# line [aux | console | tty | vty] line-number [ending-line-number]
Purpose: Enters line configuration mode for the lines to which you want to apply the authentication list.

Step 4
Command: Router(config-line)# login authentication {default | list-name}
Purpose: Applies the authentication list to a line or set of lines.

 
AAA Authentication Login Methods 

Keyword            Description
enable             Uses the enable password for authentication.
krb5               Uses Kerberos 5 for authentication.
krb5-telnet        Uses Kerberos 5 Telnet authentication protocol when using Telnet to connect to the router. If selected, this keyword must be listed as the first method in the method list.
line               Uses the line password for authentication.
local              Uses the local username database for authentication.
local-case         Uses case-sensitive local username authentication.
none               Uses no authentication.
group radius       Uses the list of all RADIUS servers for authentication.
group tacacs+      Uses the list of all TACACS+ servers for authentication.
group group-name   Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.
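
The following Python script is an added example, not part of the original page or any Cisco tooling. It audits a configuration built with the four steps above against the method table: it flags method lists that contain none, krb5-telnet placed anywhere but first, unknown method keywords, and lines bound to a list that was never defined. The sample configuration and the list names CONSOLE, KRB and MGMT are constructed, and the script assumes that a line with no explicit login authentication command uses the default list.

```python
import re

# Method keywords from the login methods table on this page.
KNOWN = {"enable", "krb5", "krb5-telnet", "line", "local", "local-case", "none"}
# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local none
aaa authentication login KRB local krb5-telnet
line console 0
 login authentication CONSOLE
line vty 0 4
 login authentication MGMT
line aux 0
"""

def parse_methods(text):
    """Split 'group tacacs+ local' into ['group tacacs+', 'local']."""
    tokens, methods = text.split(), []
    while tokens:
        tok = tokens.pop(0)
        methods.append(tok + " " + tokens.pop(0) if tok == "group" and tokens else tok)
    return methods

def audit(config):
    findings, lists, applied, current = [], {}, {}, None
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        findings.append("'aaa new-model' missing: AAA is not enabled")
    for raw in config.splitlines():
        if m := re.match(r"aaa authentication login (\S+) (.+)", raw):
            lists[m[1]] = parse_methods(m[2])
        elif m := re.match(r"line (.+)", raw):
            current = m[1].strip()
            applied[current] = "default"  # assumption: no explicit list means 'default'
        elif (m := re.match(r"\s+login authentication (\S+)", raw)) and current:
            applied[current] = m[1]
        elif raw and not raw[0].isspace():
            current = None  # left line configuration mode
    for name, methods in lists.items():
        if "none" in methods:
            findings.append(f"list {name}: 'none' allows login with no authentication")
        if "krb5-telnet" in methods[1:]:
            findings.append(f"list {name}: krb5-telnet must be the first method")
        findings += [f"list {name}: unknown method '{x}'" for x in methods
                     if x not in KNOWN and not x.startswith("group ")]
    findings += [f"line {ln}: list '{name}' is not defined"
                 for ln, name in applied.items() if name not in lists]
    return findings
```

Calling audit(SAMPLE_CONFIG) returns three findings: the none fallback in CONSOLE, the misplaced krb5-telnet in KRB, and the undefined list MGMT on the vty lines.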
