Using All AAA Services Simultaneously

It is possible, and sometimes desirable, to incorporate authentication, authorization, and accounting simultaneously on a router. This is actually easier than it sounds. The following is a configuration that combines all three parts of AAA using exactly the examples from the previous sections. All that is needed to run them at the same time is for the administrator to enter the appropriate configuration lines. Some commands, such as the aaa new-model, only needs to be entered once:

aaa new-model
!Set up for AAA

tacacs-server host 172.30.1.50
!The TACACS+ server is at 172.30.1.50

tacacs-server key mysecretkey
!Use the encrypted keys

aaa authentication login default tacacs+
!Set the default authentication to TACACS+

aaa authentication ppp branch-office-users tacacs+ login
!Sets authentication for PPP to first use TACACS+ if the server
!is available and then look at the local database

aaa authentication login administrative none
!Used to ensure the administrator has access

aaa accounting exec start-stop tacacs+
!Start accounting whenever an exec command is issued

interface serial 2
!Go to the interface

ppp authentication chap pap if-needed branch-office-users callin
!Enable authentication on the S2 interface

aaa authorization network tacacs+
!Start authorization for network services

line con 0
login authentication administrative
!Make sure the administrator can get into the console

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.149.249.127