Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
3
Replies

AAA on switches vs routers (On Cisco IOS)

Go to solution
nathan
Level 1
Level 1

‎05-19-2006 11:33 AM - edited ‎03-10-2019 02:35 PM

I have AAA with TACACS+ configured on a router in this manner:

aaa authentication login default group tacacs+ local-case enable

aaa authentication enable default group tacacs+ enable

Can I enter the same configuration on a switch(switches in general)?

What about accounting? can I have the same accounting configured on the router and switch?

for the switch do I need to enable accounting services to the console line?

example:

line con 0

accounting commands 15 default

accounting exec default

so in the router Ihave accounting configured but not applied to any interfaces eg) console, vty.... once accounting is enabled on the router it is automatically applied to all interfaces if I am using the default method list? and is that true for switches?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
premdeep.banga
Level 1
Level 1

‎05-20-2006 12:25 AM

Hi Nathan,

Be it Router/Switch, AAA commands work for both same way.

And you are correct 'default' list means that it will be applied on all interface, on routers as well as on switch. Also you dont have to explicitly specify it like :

line con 0

accounting commands 15 default

accounting exec default

There's no need, beacuse you are again telling it to look for 'default' accounting list, which if we have already configured will look for the same.

Terefore only commands that you need to specify is :

aaa accouting commands 0 default start-stop group tacacs+

aaa accouting commands 1 default start-stop group tacacs+

aaa accouting commands 15 default start-stop group tacacs+

As by default we have commands on three privilege levels on IOS devices. Level 0,1, and 15.

Hope it helps :)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
premdeep.banga
Level 1
Level 1

‎05-20-2006 12:25 AM

Hi Nathan,

Be it Router/Switch, AAA commands work for both same way.

And you are correct 'default' list means that it will be applied on all interface, on routers as well as on switch. Also you dont have to explicitly specify it like :

line con 0

accounting commands 15 default

accounting exec default

There's no need, beacuse you are again telling it to look for 'default' accounting list, which if we have already configured will look for the same.

Terefore only commands that you need to specify is :

aaa accouting commands 0 default start-stop group tacacs+

aaa accouting commands 1 default start-stop group tacacs+

aaa accouting commands 15 default start-stop group tacacs+

As by default we have commands on three privilege levels on IOS devices. Level 0,1, and 15.

Hope it helps :)

0 Helpful

Go to solution
nathan
Level 1
Level 1
In response to premdeep.banga

‎05-20-2006 11:55 AM

yes this helps, I wasnt sure, just needed a confirmation....with out looking through volumes of material.

thanks

0 Helpful

Go to solution
premdeep.banga
Level 1
Level 1
In response to nathan

‎05-20-2006 01:06 PM

Welcome :)

Please rate this post if it helped :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents