05-19-2006 11:33 AM - edited 03-10-2019 02:35 PM
I have AAA with TACACS+ configured on a router in this manner:
aaa authentication login default group tacacs+ local-case enable
aaa authentication enable default group tacacs+ enable
Can I enter the same configuration on a switch(switches in general)?
What about accounting? can I have the same accounting configured on the router and switch?
for the switch do I need to enable accounting services to the console line?
example:
line con 0
accounting commands 15 default
accounting exec default
so in the router Ihave accounting configured but not applied to any interfaces eg) console, vty.... once accounting is enabled on the router it is automatically applied to all interfaces if I am using the default method list? and is that true for switches?
Solved! Go to Solution.
05-20-2006 12:25 AM
Hi Nathan,
Be it Router/Switch, AAA commands work for both same way.
And you are correct 'default' list means that it will be applied on all interface, on routers as well as on switch. Also you dont have to explicitly specify it like :
line con 0
accounting commands 15 default
accounting exec default
There's no need, beacuse you are again telling it to look for 'default' accounting list, which if we have already configured will look for the same.
Terefore only commands that you need to specify is :
aaa accouting commands 0 default start-stop group tacacs+
aaa accouting commands 1 default start-stop group tacacs+
aaa accouting commands 15 default start-stop group tacacs+
As by default we have commands on three privilege levels on IOS devices. Level 0,1, and 15.
Hope it helps :)
05-20-2006 12:25 AM
Hi Nathan,
Be it Router/Switch, AAA commands work for both same way.
And you are correct 'default' list means that it will be applied on all interface, on routers as well as on switch. Also you dont have to explicitly specify it like :
line con 0
accounting commands 15 default
accounting exec default
There's no need, beacuse you are again telling it to look for 'default' accounting list, which if we have already configured will look for the same.
Terefore only commands that you need to specify is :
aaa accouting commands 0 default start-stop group tacacs+
aaa accouting commands 1 default start-stop group tacacs+
aaa accouting commands 15 default start-stop group tacacs+
As by default we have commands on three privilege levels on IOS devices. Level 0,1, and 15.
Hope it helps :)
05-20-2006 11:55 AM
yes this helps, I wasnt sure, just needed a confirmation....with out looking through volumes of material.
thanks
05-20-2006 01:06 PM
Welcome :)
Please rate this post if it helped :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: