Thursday, December 16, 2010

13 Months And Schedule

Radius / TACACS Server

http://www.freeccnaworkbook.com/labs/section-3-configuring-basic-cisco-device-security/lab-3-2-configuring-local-user-authentication-database/

The topic of this post is creating and using a RADIUS or TACACS+ server for AAA: user authentication and authorization. The local authentication method is used as a backup if communication with the server fails.
AAA servers can be RADIUS or TACACS+.
Example 1: local authentication database
It is possible to enable dot1x authentication globally or port-based authentication through the command:
The logic to follow, in short:
1) Create a user that is stored in the device's local database
Router(config)# username tom privilege 15 secret Cisco$123
2) Enable AAA authentication

Router(config)# aaa new-model
This single command enables AAA; the default list is then applied to the VTY lines.
3) Create an authentication list and specify the authentication method, which can be for example "local" or server-based ("RADIUS", "TACACS+")

Router(config)# aaa authentication login CONSOLE_AUTH local
4) Apply the authentication list to an access method, such as "line console" or "vty"
Router(config)# line con 0
Router(config-line)# login authentication CONSOLE_AUTH


Example 2: authentication via TACACS+, with the local database used if the first fails

Logic to follow:
- Create a user, for example tom with password test, and save it both locally and on the TACACS+ server. When access is attempted, the authentication check is done first on the server and then locally. If this user were not also created on the local device, then when the authentication attempt against the server fails (e.g. because the server is down) you might never be able to authenticate.
Router(config)# username tom privilege 15 secret cisco


// Identify the TACACS+ server
Router(config)# tacacs-server host 1.1.1.1 key test


// Create the authentication list, checking first on the server and then locally
Router(config)# aaa authentication login CONSOLE_AUTH group tacacs+ local


// Apply the list to the access method:
Router(config)# line console 0
Router(config-line)# login authentication CONSOLE_AUTH
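The lockout risk described in Example 2 can be checked offline against a saved configuration. The script below is an added example, not part of the original post: it flags login lists that consult a server group with no fallback, lists that rely on "local" when no username exists, and lines that reference a list that is not defined. The sample configuration, the VTY_AUTH and AUX_AUTH list names and the function name audit_login_lists are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
aaa new-model
username tom privilege 15 secret cisco
tacacs-server host 1.1.1.1 key test
aaa authentication login CONSOLE_AUTH group tacacs+ local
aaa authentication login VTY_AUTH group tacacs+
line con 0
 login authentication CONSOLE_AUTH
line vty 0 4
 login authentication VTY_AUTH
line aux 0
 login authentication AUX_AUTH
"""

LOCAL = {"local", "local-case"}
FALLBACKS = LOCAL | {"enable", "line"}

def audit_login_lists(config):
    """Return (where, problem) tuples for risky AAA login method lists."""
    raw = config.splitlines()
    stripped = [l.strip() for l in raw]
    findings = []
    if "aaa new-model" not in stripped:
        findings.append(("global", "aaa new-model is not enabled"))
    has_local_user = any(l.startswith("username ") for l in stripped)
    lists = {}
    for l in stripped:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    for name, methods in lists.items():
        # "group <name>" means a RADIUS/TACACS+ server group is consulted.
        if "group" in methods and not FALLBACKS & set(methods):
            findings.append((name, "server only, no fallback method"))
        if LOCAL & set(methods) and not has_local_user:
            findings.append((name, "uses local but no username is defined"))
    where = "global"
    for l in raw:
        if l.startswith("line "):
            where = l.strip()  # remember which line block we are inside
        m = re.match(r"\s+login authentication (\S+)", l)
        if m and m.group(1) != "default" and m.group(1) not in lists:
            findings.append((where, "undefined list " + m.group(1)))
    return findings

if __name__ == "__main__":
    for where, problem in audit_login_lists(SAMPLE_CONFIG):
        print(f"{where}: {problem}")
```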


