AAA TACACS+ and RADIUS Tutorial
In this part we will walk through some Authentication configurations to help you grasp the concept.
Question
Suppose we configure AAA as follows.
aaa authentication login NO_AUTH none
line console 0
 login authentication NO_AUTH
Which login credentials are required when connecting to the console port in this output?
Answer: The console port is authenticated with the NO_AUTH list. But this list does not contain any authentication method (it uses “none”), so no authentication is required when connecting to the console port.
Question
Which login credentials are required when connecting to the VTY port in this output?
Router(config)#aaa authentication login default group radius local line
Answer: We used the “default” method list, so the authentication is applied to all login connections (even if there is no login authentication command). A group of “RADIUS, local and line” is defined, so the device will first contact the RADIUS server, then the local username and finally the line password.
Because we are using the list default in the aaa authentication login command, login authentication is automatically applied for all login connections (such as tty, vty, console and aux).
Question
Which login credentials are required when connecting to the VTY port in this output?
Router(config)# aaa authentication login default tacacs+ enable
Answer: The router first attempts to use the TACACS+ method for authentication, then the enable method. Therefore, the enable password is used to authenticate users if the device cannot contact the TACACS+ server.
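As an added example (not from the original tutorial or from Cisco), the Python below reads a config, works out which method list each line uses, and reports the method order with a finding for lists like the ones in the questions above. The function names, the finding strings and the SAMPLE config are assumptions made for this example.

```python
import re

# Constructed sample: the tutorial's first two method lists plus a vty line.
SAMPLE = """\
aaa authentication login NO_AUTH none
Router(config)#aaa authentication login default group radius local line
line console 0
 login authentication NO_AUTH
line vty 0 4
"""

def parse_method_lists(config):
    """Return {list_name: [methods in order]}; 'group radius' is one method."""
    lists = {}
    for raw in config.splitlines():
        # Drop a pasted prompt such as 'Router(config)#'.
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())
        m = re.match(r"aaa authentication login (\S+) (.+)$", line)
        if m:
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    return lists

def applied_lists(config):
    """Return {line: list_name}; lines without an explicit list use 'default'."""
    applied, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("line "):
            current = line[len("line "):]
            applied[current] = "default"
        elif not raw[:1].isspace():
            current = None  # an unindented command ends the line section
        elif current and line.startswith("login authentication "):
            applied[current] = line.split()[2]
    return applied

def audit(config):
    """Return {line: (list_name, methods, finding)} for each line section."""
    lists, report = parse_method_lists(config), {}
    for line, name in applied_lists(config).items():
        methods = lists.get(name, [])
        if methods[:1] == ["none"]:
            finding = "no authentication required"
        elif {"none", "line", "enable"} & set(methods[1:]):
            finding = "shared password or no login if earlier methods are unavailable"
        else:
            finding = "ok" if methods else "method list is not defined"
        report[line] = (name, methods, finding)
    return report
```

Calling `audit(SAMPLE)` returns one entry per line section, so a console that points at a `none` list stands out during a configuration review.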
Note: All the above configurations only use the first “A” (Authentication) for demonstration. If you wish to learn about the other two “A”s (Authorization and Accounting), please visit the Cisco links below:
+ Authorization: https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathor.html
+ Accounting: https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacct.html
Glad to tell you I PASSED my exam, 866 points, on 14th Feb 2020.
Lots of the questions from here but not entirely from here. There were many new technology infrastructure questions. Sims and drag and drop concepts are in here but still not exactly like what you see them in here. Exam time was sufficient. If you wisely use it, you can even be done before time. I had about 20 min answering my last question.
Hi Guys,
Any advice for me as a beginner for this tutorial?
What will be the first topic/s I need to study in order to understand the basic networking?
Hello, In the book Official Cert Guide CCNA 200-301 there is no configuration for AAA TACACS+ and RADIUS, just a very brief introduction to them. Do you know if the configuration for AAA TACACS+ and RADIUS is still part of the exam?
miau?
fine
so cute but complicated so little