Cisco Support Community

enable aaa, ssh in catos

Hi! I'm trying to configure SSH and AAA in CatOS. Does anyone know what the necessary commands are for what I'm trying to achieve in the commands below? We have that in IOS but I'm not too sure about CatOS. Thanks.

username admin password xxxxx
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 172.16.1.1 key 7 uoweuouru
tacacs-server host 172.16.1.2 key 7 uoweuouru

ip dhcp snooping vlan 2-4069
ip dhcp snooping

ip domain name hellodomain

crypto key generate rsa

ip ssh version 1

line vty 0 15
access-class 20 out
transport input ssh
exit

1 REPLY

Re: enable aaa, ssh in catos


Hi,

As per the configuration, you have configured access-class out, which means "Restricts outgoing connections between a particular Cisco device and the addresses in the access list."

The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:


access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
 access-class 12 in

I would suggest configuring access-class in, then check that you are able to log in to the Cisco devices.

Hope that helps.

If helpful, do rate the post.

Ganesh.H
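
An added example, not part of the original thread or of any Cisco tooling: a small Python check for the point made in the reply, flagging terminal lines whose only access-class is applied in the out direction. The function name and finding labels are hypothetical, and both inputs are constructed from the configurations quoted in the thread (the question's excerpt shows no access-list 20, so the check also reports that).

```python
import re

# Constructed inputs. QUESTION_VTY is the line section from the question;
# REPLY_EXAMPLE is the access list and line block quoted in the reply.
QUESTION_VTY = """\
line vty 0 15
access-class 20 out
transport input ssh
exit
"""
REPLY_EXAMPLE = """\
access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
 access-class 12 in
"""

LINE_RE = re.compile(r"^line\s+(.+)$")
ACL_REF_RE = re.compile(r"^access-class\s+(\S+)\s+(in|out)\b")
ACL_DEF_RE = re.compile(
    r"^(?:ip\s+)?access-list\s+(?:(?:standard|extended)\s+)?(\S+)")


def audit_line_access(config):
    """Return (line_name, finding) tuples for terminal lines in an IOS config."""
    defined, blocks, current = set(), [], None
    for raw in config.splitlines():
        text = raw.strip()
        if (m := ACL_DEF_RE.match(text)):
            defined.add(m.group(1))
            current = None
        elif (m := LINE_RE.match(text)):
            current = {"name": m.group(1), "in": None, "out": None}
            blocks.append(current)
        elif text in ("exit", "end", "!"):
            current = None
        elif current and (m := ACL_REF_RE.match(text)):
            current[m.group(2)] = m.group(1)

    findings = []
    for b in blocks:
        if b["in"] is None:
            # 'out' filters sessions started from the line, not logins to it
            kind = "outbound-only" if b["out"] else "no-access-class"
            findings.append((b["name"], kind))
        for acl in (b["in"], b["out"]):
            if acl is not None and acl not in defined:
                findings.append((b["name"], f"acl-not-defined:{acl}"))
    return findings
```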
