Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA on switches vs routers (On Cisco IOS)

I have AAA with TACACS+ configured on a router in this manner:

aaa authentication login default group tacacs+ local-case enable

aaa authentication enable default group tacacs+ enable

Can I enter the same configuration on a switch(switches in general)?

What about accounting? can I have the same accounting configured on the router and switch?

for the switch do I need to enable accounting services to the console line?

example:

line con 0

accounting commands 15 default

accounting exec default

so in the router Ihave accounting configured but not applied to any interfaces eg) console, vty.... once accounting is enabled on the router it is automatically applied to all interfaces if I am using the default method list? and is that true for switches?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: AAA on switches vs routers (On Cisco IOS)

Hi Nathan,

Be it Router/Switch, AAA commands work for both same way.

And you are correct 'default' list means that it will be applied on all interface, on routers as well as on switch. Also you dont have to explicitly specify it like :

line con 0

accounting commands 15 default

accounting exec default

There's no need, beacuse you are again telling it to look for 'default' accounting list, which if we have already configured will look for the same.

Terefore only commands that you need to specify is :

aaa accouting commands 0 default start-stop group tacacs+

aaa accouting commands 1 default start-stop group tacacs+

aaa accouting commands 15 default start-stop group tacacs+

As by default we have commands on three privilege levels on IOS devices. Level 0,1, and 15.

Hope it helps :)

3 REPLIES
New Member

Re: AAA on switches vs routers (On Cisco IOS)

Hi Nathan,

Be it Router/Switch, AAA commands work for both same way.

And you are correct 'default' list means that it will be applied on all interface, on routers as well as on switch. Also you dont have to explicitly specify it like :

line con 0

accounting commands 15 default

accounting exec default

There's no need, beacuse you are again telling it to look for 'default' accounting list, which if we have already configured will look for the same.

Terefore only commands that you need to specify is :

aaa accouting commands 0 default start-stop group tacacs+

aaa accouting commands 1 default start-stop group tacacs+

aaa accouting commands 15 default start-stop group tacacs+

As by default we have commands on three privilege levels on IOS devices. Level 0,1, and 15.

Hope it helps :)

New Member

Re: AAA on switches vs routers (On Cisco IOS)

yes this helps, I wasnt sure, just needed a confirmation....with out looking through volumes of material.

thanks

New Member

Re: AAA on switches vs routers (On Cisco IOS)

Welcome :)

Please rate this post if it helped :)

481
Views
0
Helpful
3
Replies