Cisco Systems

 


Module 11: Using AAA to Scale Access Control
 
11.2.1 The aaa new-model command

Router(config)#aaa new-model

 

11.2.2 Configuring TACACS+ and RADIUS clients

Router(config)# tacacs-server host hostname [port integer] [timeout integer] [key string]
Router(config)# tacacs-server key key
Router(config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] [alias {hostname | ip-address}]
Router(config)# radius-server key {0 string | 7 string | string}

 

11.2.3 Configuring login Authentication

Router(config)# aaa authentication login {default | list-name} method1 [method2...]

Monitors AAA authentication transactions
Router# debug aaa authentication

 

11.2.5 Enabling password protection at the privileged level

Router(config)# aaa authentication enable default method1 [method2...]
Router(config)# aaa authentication password-prompt text-string
Router(config)# aaa authentication username-prompt text-string
 

11.2.6 Configuring PPP authentication using AAA

Router(config)# aaa authentication ppp {default | list-name} method1 [method2...]
 

11.2.7 Configuring AAA authorization

Router(config)# aaa authorization {network | exec | commands level | reverse-access} {default | list-name} [method1 [method2...] ]

Verifies user privilege levels
Router# show privilege

Monitors AAA/TACACS+/RADIUS authorization
Router# debug aaa authorization
 

11.2.10 Configuring AAA Accounting

Router(config)# aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} {start-stop | stop-only | none} [broadcast] group groupname

Monitors AAA accounting transactions
Router# debug aaa accounting
 

All contents copyright © 2003 Cisco Systems, Inc. All rights reserved.