Home > AAA TACACS+ and RADIUS Tutorial

AAA TACACS+ and RADIUS Tutorial

October 18th, 2018 Go to comments

In this part we will have some configuration of Authentication to help you grasp it.

Question

Suppose we configure AAA as follows.

aaa authentication login NO_AUTH none

line console 0
login authentication NO_AUTH

Which login credentials are required when connecting to the console port in this output?

Answer: The console port is authenticated with NO_AUTH list. But this list does not contain any authentication method (it uses “none”) so no authentication is required when connecting to the console port.

Question

Which login credentials are required when connecting to the VTY port in this output?

Router(config)#aaa authentication login default group radius local line

Answer: We used “default” method list so the authentication is applied to all login connections (even if there is no login authentication command). A group of “RADIUS, local and line” is defined so the device will first contact RADIUS server, then local username and finally line password.

Because we are using the list default in the aaa authentication login command, login authentication is automatically applied for all login connections (such as tty, vty, console and aux).

Question

Which login credentials are required when connecting to the VTY port in this output?

Router(config)# aaa authentication login default tacacs+ enable

Answer: The router first attempts to use the TACACS+ method for authentication, then the enable method. Therefore, the enable password is used to authenticate users if the device cannot contact the TACACS+ server.

Note: All the above configuration only uses the first “A” (Authentication) for demonstration. If you wish to learn about two other “A”s (Authorization and Accounting) please visit the Cisco links below:

+ Authorization: https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathor.html
+ Accounting: https://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacct.html

Reference:

http://www.cisco.com/c/dam/en/us/products/collateral/security/secure-access-control-server-windows/prod_white_paper0900aecd80737943.pdf

https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html

Comments (3) Comments
Comment pages
1 2 3 4228
  1. Anonymous
    October 15th, 2019

    ehab03291 at gmail.com

  2. ehab abdallah
    October 15th, 2019

    Please, can anyone send me 200-125 test dumps Please ehab03291 at gmail.com

  3. 9tut am greatful
    October 17th, 2019

    please share new update dumps for ccna rns 200-125 any one have please share with me on fredbons zero zero seven at gmail dot com

Comment pages
1 2 3 4228
Add a Comment