Patrick Denis > Cisco > Routing and Switching > Authentication Authorization and Accounting “AAA”
Authentication Authorization and Accounting “AAA”
admin
March 25, 2015
|
Command
|
Purpose
|
Step 1
|
Router(config)# aaa new-model
|
Enables AAA globally.
|
Step 2
|
Router(config)# aaa authentication login {default |list-name} method1 [method2…]
|
Creates a local authentication list.
|
Step 3
|
Router(config)# line [aux | console | tty | vty]line-number [ending-line-number]
|
Enters line configuration mode for the lines to which you want to apply the authentication list.
|
Step 4
|
Router(config-line)# login authentication
{default | list-name}
|
Applies the authentication list to a line or set of lines.
|
AAA Authentication Login Methods
Keyword
|
Description
|
enable
|
Uses the enable password for authentication.
|
krb5
|
Uses Kerberos 5 for authentication.
|
krb5-telnet
|
Uses Kerberos 5 Telnet authentication protocol when using Telnet to connect to the router. If selected, this keyword must be listed as the first method in the method list.
|
line
|
Uses the line password for authentication.
|
local
|
Uses the local username database for authentication.
|
local-case
|
Uses case-sensitive local username authentication.
|
none
|
Uses no authentication.
|
group radius
|
Uses the list of all RADIUS servers for authentication.
|
group tacacs+
|
Uses the list of all TACACS+ servers for authentication.
|
groupgroup-name
|
Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command.
|
Click here for more reference 🙂