AAA Config Questions



I'm looking to understand AAA commands better and the different ways to set it up. I've looked at the manuals but get lost, mostly because it's boring to read. Is there a resource or a site that breaks this down in a better format that other folks have found helpful?









What exactly are you trying to do with AAA? Do you want to set up SSH access via AAA or something? Or do you want to set up AAA for VPN authentication? What device are you working on? Is it an ASA, router or switch? The AAA config will differ between them.



I'm not trying to do anything particular just yet, except learn a little more about them. I apologize for being vague. For example, when I look at some of our configs I'm trying to understand what exactly a command does. Take the first one, for example. I researched it some and the manual just confused me more than helped me on what this really does. I understand setting up SSH and doing simple things as I just passed the CCENT, but studying for that didn't get down in the weeds on a lot of topics I feel I should know. Is this a method list? I'm not sure, as I just read about that term today. I'm more of a visual learner, so seeing some type of flow chart would make more sense, like if a switch had "aaa authentication password-prompt PASSCODE---->" this command X..Y..and Z happens because of this. That type of thing.

aaa authentication password-prompt PASSCODE---->………...

aaa authentication login default group radius local

aaa authentication dot1x default group radius

aaa authorization exec default group radius local

aaa authorization network default group radius

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+




The command "aaa authentication password-prompt PASSCODE" will change the prompt from the default of password: to "PASSCODE". For example, if you put in a command:

"aaa authentication password-prompt PASSWORD HERE" will change the password prompt for the user to:


Method List: In the command "aaa authentication login default group radius local", the string "default" is the method list. You can use the command:

"aaa authentication login YOURNAME group radius local" and let's say we attach it to SSH, then it would be

line vty 0 4

login authentication YOURNAME // YOURNAME is the method list here.

For an easy explanation, just look up the command explanation in the Cisco docs.
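
The method-list commands from the question, read as the ordered fallback chains the asker wanted to see. This is an added example, not part of the thread and not Cisco tooling; the parser covers only the command forms quoted above, and the names `parse_aaa` and `describe` are hypothetical.

```python
# Constructed sample: the method-list commands quoted in the question above.
SAMPLE_CONFIG = """\
aaa authentication password-prompt PASSCODE
aaa authentication login default group radius local
aaa authentication dot1x default group radius
aaa authorization exec default group radius local
aaa authorization network default group radius
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

# Keywords that take a text/number argument instead of defining a method list.
NOT_METHOD_LISTS = {"password-prompt", "username-prompt", "banner",
                    "fail-message", "attempts"}
ACCOUNTING_MODES = {"start-stop", "stop-only", "none", "broadcast"}

def parse_aaa(config):
    """Return one dict per method-list line: function, service, name, methods."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if (len(tok) < 5 or tok[0] != "aaa" or tok[2] in NOT_METHOD_LISTS
                or tok[1] not in ("authentication", "authorization", "accounting")):
            continue
        service, rest = tok[2], tok[3:]
        if service == "commands":        # "commands <level>" carries a privilege level
            service, rest = "commands " + rest[0], rest[1:]
        name, rest = rest[0], rest[1:]   # "default" or a custom list name
        if tok[1] == "accounting":       # the record mode is not a method
            rest = [t for t in rest if t not in ACCOUNTING_MODES]
        methods, i = [], 0
        while i < len(rest):             # fold "group NAME" into one method
            step = 2 if rest[i] == "group" and i + 1 < len(rest) else 1
            methods.append(" ".join(rest[i:i + step]))
            i += step
        entries.append({"function": tok[1], "service": service,
                        "name": name, "methods": methods})
    return entries

def describe(entry):
    """Render the order in which the device consults each method.
    The next method is tried only when the previous one returns an error
    (for example, the server is unreachable), not when it rejects the user."""
    chain = " --(no response)--> ".join(entry["methods"])
    return f'{entry["function"]} {entry["service"]} [{entry["name"]}]: {chain}'

if __name__ == "__main__":
    for e in parse_aaa(SAMPLE_CONFIG):
        print(describe(e))
```

Lists that end in a single `group radius` or `group tacacs+` have no fallback, so that service depends entirely on the server being reachable.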



