

This document explains how to configure Authentication, Authorization, and Accounting (AAA) on a Cisco router using Radius or TACACS+ protocols. The goal of this document is not to cover all AAA features, but to explain the main commands and provide some examples and guidelines.

Note: Please read the section on General AAA Configuration before proceeding with the Cisco IOS® configuration. Failure to do so may result in misconfiguration and subsequent lockout.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

To get an overview of AAA, and for complete details about AAA commands and options, please refer to the IOS 12.2 Security Configuration Guide: Authentication, Authorization, and Accounting.

The information in this document is based on Cisco IOS software release 12.1 main line. The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

To enable AAA, you need to configure the aaa new-model command in global configuration.

Note: Until this command is enabled, all other AAA commands are hidden.

Warning: The aaa new-model command immediately applies local authentication to all lines and interfaces (except the console line, line con 0). If a telnet session is opened to the router after enabling this command (or if a connection times out and has to reconnect), then the user has to be authenticated using the local database of the router. To avoid being locked out of the router, we recommend that you define a username and password on the access server before starting the AAA configuration. Do this as follows:

Router(config)# username xxx password yyy

Tip: Save your configuration prior to configuring your AAA commands. Only after you have completed all your AAA configuration (and are satisfied that it works correctly) should you save the configuration again. This allows you to recover from unforeseen lockouts (prior to saving the configuration) by reloading the router.

In global configuration, define the security protocol used with AAA (Radius, TACACS+). If you do not want to use either of these two protocols, you can use the local database on the router. If you are using TACACS+, use the tacacs-server host command. If you are using Radius, use the radius-server host command.

On the AAA server, configure the following parameters: The IP address the access server uses to communicate with the AAA server.
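As an added example (not part of the original Cisco document), the following Python script checks the text of an IOS configuration for the lockout condition described in the aaa new-model warning: AAA enabled with no local username defined. The sample configurations, the address 192.0.2.10 and the function name audit_aaa are constructed for illustration.

```python
import re

# Constructed sample configurations (not from the original document).
# 192.0.2.10 is a documentation address; xxx/yyy are the page's placeholders.
RISKY = """\
hostname access-server
aaa new-model
line vty 0 4
"""

SAFE = """\
hostname access-server
username xxx password yyy
aaa new-model
tacacs-server host 192.0.2.10
line vty 0 4
"""

# A local account line, e.g. "username xxx password yyy" or "... password 7 <hash>".
LOCAL_USER = re.compile(r"^username \S+ .*\b(password|secret)\b")
# A server definition made with radius-server host or tacacs-server host.
AAA_SERVER = re.compile(r"^(radius|tacacs)-server host \S+")


def audit_aaa(config):
    """Return lockout-related findings for the text of an IOS configuration."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Exact match, so "no aaa new-model" is not mistaken for AAA being enabled.
    if "aaa new-model" not in lines:
        return []  # AAA is off, so the warning does not apply
    findings = []
    if not any(LOCAL_USER.match(ln) for ln in lines):
        # aaa new-model applies local authentication to all lines except the
        # console, so a missing local account locks out telnet sessions.
        findings.append("LOCKOUT: aaa new-model set but no local username defined")
    if not any(AAA_SERVER.match(ln) for ln in lines):
        findings.append("INFO: no radius-server/tacacs-server host; local database only")
    return findings


if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, audit_aaa(cfg) or "no findings")
```

Running the check against the configuration before it is saved fits the tip above: a finding can be corrected, or the router reloaded, while the last saved configuration is still the known-good one.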
