Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA on Terminal Server


I have enabled TACACS+ authentication and authorization for my networking devices.

I can also access these devices through my terminal server (cisco router). Telnet Access to the terminal server itself is authenticated with ACS.

My problem is that after a user logs on to the terminal server, the user is able to logon to other networking devices without having to provide the credentials. How do I make it mandatory for a user to provide TACACS+ credentials for devices connected to the terminal server?

I have enabled AAA for console and VTY access on the terminal server and the devices.




Re: AAA on Terminal Server

The authentication, authorization, and accounting (AAA) mechanism verifies the identity of, grants access to, and tracks the actions of users managing a switch. All Cisco MDS 9000 Family switches use Remote Access Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) protocols to provide solutions using remote AAA servers.

Based on the user ID and password combination provided, switches perform local authentication or authorization using the local database or remote authentication or authorization using AAA server(s). A preshared secret key provides security for communication between the switch and AAA servers. This secret key can be configured for all AAA server or for only a specific AAA server. This security mechanism provides a central management capability for AAA servers.

Refer to Configuring RADIUS and TACACS+ for more information


Re: AAA on Terminal Server

You have to enable AAA on both the Terminal

Server TTY line and the networking devices

console port that connected to the Terminal


CCIE security