AAA It Is A Way To Centralize Policies That Are Applied and Configured To Network Devices - 101445
AAA (authentication, authorization and accounting) is a way to centralize the policies that are applied to and configured on network devices.
It authenticates a user with a username and password before they are given access to the network; once authenticated, that user can access every network device that has been configured to use the AAA server.
There are two common AAA protocols: RADIUS and TACACS+.
RADIUS (Remote Authentication Dial-In User Service) is an open standard protocol that combines authentication and authorization into a single exchange: once a user is authenticated, the same Access-Accept reply carries the authorization attributes. RADIUS runs over UDP (port 1812 for authentication and authorization, 1813 for accounting), and it encrypts only the password field of the request; the rest of the packet travels in clear text.
TACACS+ (Terminal Access Controller Access-Control System Plus), on the other hand, is a Cisco proprietary protocol (now also documented in RFC 8907). It uses TCP (port 49) rather than UDP, encrypts the entire packet body, and, unlike RADIUS, separates authentication, authorization and accounting into independent services, which is what makes per-command authorization on network devices practical.
In this topology, I have a AAA server connected to a switch, which is
connected to multiple routers.
Once the router is integrated with the AAA server, the usernames and
passwords stored in the router's local database are no longer consulted.
They are used ONLY if the AAA server is unreachable for some reason, and
only if local has been configured as a fallback method in the method list.
A login that the server explicitly rejects does not fall back to the local
database.
The command aaa new-model enables the AAA command set and overrides the
old line-based login commands (login and password on the console and vty
lines). As soon as it is entered, the vty lines expect a username and
password from the local database, so make sure a local user exists and
keep a console session open before entering it over a remote session, or
you can lock yourself out of the device.
# aaa new-model
All we have done so far is enable the new AAA model on the router.
Next, point the router at the TACACS+ server using the legacy syntax:
# tacacs-server host ( the ip address of the AAA server)
# tacacs-server key cisco
The key must match the key configured on the server for this device; on a
real network use a long random secret rather than cisco.
Now it is time to configure the AAA options, starting with how login
attempts to the router are authenticated.
# aaa authentication login default
default here means this authentication method list is applied to all the
lines on this router or device (vty lines, console line, etc.) that do not
have a named list applied to them.
Next we specify the methods used for authentication, in order. In this
example the first method is a server group, here the built-in tacacs+
group, and the backup method is local, which is tried only if no TACACS+
server responds.
# aaa authentication login default group tacacs+ local
If we sign in to the router again as sal or lisa (the local users), we can
still log in, because we still haven't integrated the router with the server.
On the server.
The newer configuration syntax for AAA servers (IOS 15.x and later) defines
each server by name and places it in a server group:
# tacacs server AAA ( give the server a name, here AAA)
# address ipv4 ( x.x.x.x) the ip address of the tacacs server.
# key cisco ( the key between the AAA server and the devices).
# exit
# aaa group server tacacs+ aaagroup
# server name AAA
# exit
The method list then references the group by name (group aaagroup) instead
of the built-in tacacs+ group.
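The steps above, assembled into one complete router configuration. This is an added example, not the page's own configuration: the address 10.0.0.5, the key Sh4redS3cret, the local account admin and the loopback interface are placeholders chosen for illustration. Besides login authentication, it adds exec and command authorization and accounting so that all three A's actually flow through the server, and it ends with the verification commands to run before closing the console session.

```cisco
! Added example, not from the original page. Addresses, names and secrets
! are placeholders; replace them with your own values.
!
! 1. Create a local fallback account BEFORE enabling aaa new-model, and
!    keep a console session open while testing.
username admin privilege 15 secret L0calFallb4ck
!
! 2. Enable the AAA command set (overrides the old line login/password).
aaa new-model
!
! 3. Define the TACACS+ server (IOS 15.x syntax) and put it in a group.
tacacs server AAA
 address ipv4 10.0.0.5
 key Sh4redS3cret
 timeout 5
 exit
aaa group server tacacs+ aaagroup
 server name AAA
 exit
!
! 4. Method lists: try the server group first, fall back to the local
!    database only when no TACACS+ server answers. A login the server
!    rejects does NOT fall back to local.
aaa authentication login default group aaagroup local
aaa authorization exec default group aaagroup local
aaa authorization commands 15 default group aaagroup local
aaa accounting exec default start-stop group aaagroup
aaa accounting commands 15 default start-stop group aaagroup
!
! 5. Source TACACS+ traffic from a fixed address so the server's client
!    entry (and its key) matches, and apply the lists to the vty lines.
ip tacacs source-interface Loopback0
line vty 0 4
 login authentication default
 authorization exec default
 transport input ssh
 exit
!
! 6. Verify from privileged EXEC before closing the console session:
!    Router# test aaa group aaagroup admin L0calFallb4ck legacy
!    Router# show tacacs
!    Router# debug tacacs
```

The `test aaa group` command exercises the whole path (key, reachability, server reply) without a real login; `show tacacs` reports the per-server socket and failure counters, and `debug tacacs` shows the exchange when the server unexpectedly rejects a user.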