Re: AAA setup help

vinh.nguyen · ‎05-26-2010

hi all,

I have a gateway and would like to setup AAA.

here's the flow of my setup:

user call into my gateway -> my tcl script will take over and authenticate user via radius server.

I'm just at lost with all this "aaa authentication + accounting" setup. Can someone guide me?

Thanks.

Panos Kampanakis · ‎05-26-2010

I would suggest following http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a0080178a51.shtml and its examples.

PK

vkoyi85 · ‎06-04-2010

Hello,

Please read below documents for AAA overview & configuration.

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html

For AAA And security configuration you can follow up this document.

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfbook.pdf

I feel these above documents help you better understanding of AAA.

If not Please brief us your doubt regrding AAA means what you are doing exactaly in accounting or what you are trying to configure in accounting,Then we can be sort it out.

Thanks & Regards,

~Venkat

Chetan Kumar Ress · ‎06-04-2010

Hi Vinh

Here are the commant that can help you to setup the AAA in Network Devices.

Here you can make changes in accounting as you requried.

aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enabl
aaa authentication ppp default group default-group local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 2 default group tacacs+ local
aaa authorization commands 3 default group tacacs+ local
aaa authorization commands 4 default group tacacs+ local
aaa authorization commands 5 default group tacacs+ local
aaa authorization commands 6 default group tacacs+ local
aaa authorization commands 7 default group tacacs+ local
aaa authorization commands 8 default group tacacs+ local
aaa authorization commands 9 default group tacacs+ local
aaa authorization commands 10 default group tacacs+ local
aaa authorization commands 11 default group tacacs+ local
aaa authorization commands 12 default group tacacs+ local
aaa authorization commands 13 default group tacacs+ local
aaa authorization commands 14 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default local group default
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 3 default start-stop group tacacs+
aaa accounting commands 4 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 6 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 8 default start-stop group tacacs+
aaa accounting commands 9 default start-stop group tacacs+
aaa accounting commands 10 default start-stop group tacacs+
aaa accounting commands 11 default start-stop group tacacs+
aaa accounting commands 12 default start-stop group tacacs+
aaa accounting commands 13 default start-stop group tacacs+
aaa accounting commands 14 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

vinh.nguyen · ‎06-08-2010

Thanks,

I was wonderinf if I can do something like this:

is it possible to set it up with AAA so that when I telnet/ssh into my gateway. it will prompt me for enable password just like when I don't have "aaa new-model" set?

Jatin Katyal · ‎06-09-2010

If you don't enable aaa then also it will work.

With AAA, you may use this one

aaa authentication login default enable

HTH

JK

Do rate helpful posts-

~Jatin