Tacacs in Cisco IOS

The document configures AAA (authentication, authorization, and accounting) using TACACS+ on a switch. TACACS+ is the method for login and enable authentication, for command authorization, and for accounting of exec sessions, commands, network access, and connections. A RADIUS server and server group are also configured and used for line login authentication.

Uploaded by sopenco

aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 1 default
 action-type start-stop
 group tacacs+
!
aaa accounting commands 15 default
 action-type start-stop
 group tacacs+
!
aaa accounting network default
 action-type start-stop
 group tacacs+
!
aaa accounting connection default
 action-type start-stop
 group tacacs+
!
aaa session-id common

TutoriaisIT
RADIUS
Switch(config)# radius server myRadius
Switch(config-radius-server)# address ipv4 hostname [auth-port integer] [acct-port integer]
Switch(config-radius-server)# key cisco123
Switch(config)# aaa group server radius Mygroup2
Switch(config-sg-radius)# server name myRadius
Switch(config)# aaa authentication login radius_list group Mygroup2 local
Switch(config)# line vty 0
Switch(config-line)# login authentication radius_list

TACACS+
Switch(config)# tacacs server myTacacs
Switch(config-server-tacacs)# address ipv4 hostname
Switch(config-server-tacacs)# port integer
Switch(config-server-tacacs)# key cisco123
Switch(config)# aaa group server tacacs+ Mygroup1
Switch(config-sg-tacacs+)# server name myTacacs
Switch(config)# aaa authentication login default group Mygroup1 local
Switch(config)# aaa authorization exec default group Mygroup1 local

Switch(config)# aaa authorization authorization-type list-name method-list
Switch(config)# line line-type line-number
Switch(config-line)# authorization { arap | commands level | exec | reverse-access } list-name

Switch(config)# aaa accounting accounting-type list-name { start-stop | stop-only | none } method-list
Switch(config)# interface interface-type interface-number
Switch(config-if)# ppp accounting list-name
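
An added example, not part of the uploaded document: a small Python audit of the AAA method lists shown above. It flags a trailing "none" method (the check is skipped if the TACACS+ servers do not respond), server-group-only lists with no fallback, and shared secrets typed in cleartext such as "key cisco123". The function names, rule ids and the last sample line are assumptions made for this example.

```python
import re

# Lines 1-5 are taken from the configuration on this page; line 6 is a
# constructed variant (not on the page) with the "local" fallback removed.
SAMPLE = """\
aaa authentication login default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
Switch(config-server-tacacs)# key cisco123
Switch(config)#aaa authorization exec default group Mygroup1 local
aaa authorization exec default group Mygroup1
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips "Switch(config)# " prompts

def parse_methods(tokens):
    """['group', 'tacacs+', 'none'] -> ['group tacacs+', 'none']"""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def audit(config_text):
    """Return (line_no, rule_id, message) tuples; rule ids are hypothetical names."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        tok = PROMPT.sub("", raw.strip()).split()
        if tok[:2] in (["aaa", "authentication"], ["aaa", "authorization"]) and len(tok) > 4:
            skip = 5 if tok[2] == "commands" else 4  # "commands <level>" adds a token
            methods, what = parse_methods(tok[skip:]), " ".join(tok[1:skip])
            if "none" in methods:
                findings.append((no, "FAIL_OPEN", what + ": 'none' skips the check if servers do not respond"))
            elif methods and all(m.startswith("group ") for m in methods):
                findings.append((no, "NO_FALLBACK", what + ": no fallback method if servers are unreachable"))
        elif tok[:1] == ["key"] and len(tok) >= 2:
            # "key <string>" and "key 0 <string>" are cleartext; 6 and 7 mark encrypted forms
            if not (len(tok) == 3 and tok[1] in ("6", "7")):
                findings.append((no, "CLEARTEXT_KEY", "shared secret entered in cleartext"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The findings never echo the key value itself, so the output can be shared in a review ticket.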
