
aaa authentication

carl_townshend
Spotlight

Can anyone tell me the benefits of using this in my switches and routers, rather than using normal VTY and enable logins etc.?

cheers

7 Replies

o.hassairi
Level 1

Imagine you have 20 devices and you use the same password for all devices. One day you need to change the password for all devices; if you don't use AAA you will make the change manually 20 times :-(

If you use AAA you just change it one time in the AAA server :-)

andrew.burns
Level 7

Hi,

To quote from the AAA overview at:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a7.html

AAA provides the following benefits:

- Increased flexibility and control of access configuration
- Scalability
- Standardized authentication methods, such as RADIUS, TACACS+, and Kerberos
- Multiple backup systems

If you only have a couple of switches and routers and you are the only admin then there probably isn't much point - but if you have a lot of devices, a lot of users and a whole bunch of different access requirements, then being able to control all access from one single point is a huge time-saver.

HTH

Andrew.

zerozerotito
Level 1

Hi carl!

You have lots of reasons to use it!

The most important one is that AAA supports TACACS+, RADIUS, and Kerberos.

Also, AAA provides scalability. AAA configurations rely on a server to store usernames and passwords, so you don't have to create local databases and update them on every router: one point of administration. By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.

You can find more information about AAA by hitting following link...

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfaaa.htm

Regards..

desai.jaideep
Level 5

Hi

You have a large setup. There are different levels of engineers who should have different levels of access to the router. They should even have different usernames and passwords. Here AAA comes into the picture.

There is no downside to AAA.

Please rate helpful posts.

Regards

JD

Thanks all for your replies. How would I create a server, and would I have to point to this server on each device?

cheers

Hi

Could you please provide us a link that contains a scenario about ACS administration and configuration.

I have this version: Cisco Secure ACS v3.2.

Thanks

Hi Carl,

You can use any Unix machine and configure it as a TACACS+ server. This method needs you to configure the strings required.

Another easy solution is the Cisco ACS server.

This server comes with a preloaded ACS application which is capable of running both TACACS+ and RADIUS. It's GUI-based and very easy to use.

For the answer to your second question... yes, you have to configure the following commands on every device you want to authenticate using TACACS+.

aaa new-model
! TACACS+ server address and shared key (placeholders)
tacacs-server host x.x.x.x key xxxx
! Try the TACACS+ server group first, then fall back to the local user database
aaa authentication login default group tacacs+ local
! Local credentials, used only if the device cannot reach the TACACS+ server
username adminXX privilege 15 password xxxxx
! Apply the default login list to the console and the VTY lines
line con 0
 login authentication default
line vty 0 4
 login authentication default

HTH

Narayan
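The two points made in this thread, that per-line passwords have to be rotated by hand on every device and that each device needs the same handful of AAA commands, are easy to check for across a fleet once the running-configs are collected. The script below is an added example, not code from this thread or from Cisco: it audits a `show running-config` text for `aaa new-model`, a configured TACACS+/RADIUS server, a login method list that tries a server group first with a `local` fallback, and console/VTY lines that are covered by a defined list or still carry a per-line `password`. Both sample configs are constructed; addresses, keys and hashes are placeholders.

```python
"""Audit an IOS running-config for the centralized-AAA pattern described above.

Added example (not from the thread or from Cisco). It parses a config as text;
it does not talk to a device.
"""
import re
from typing import Dict, List

# Constructed sample: the per-device commands from the thread as they would
# appear in "show running-config" (IP, key and hash are placeholders).
GOOD_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
username admin01 privilege 15 secret 5 $1$PLACEHOLDER
tacacs-server host 192.0.2.10 key PLACEHOLDER-KEY
line con 0
 login authentication default
line vty 0 4
 login authentication default
"""

# Constructed sample: the "normal vty and enable logins" the question asks
# about: one shared line password, no AAA, nothing central to rotate.
LEGACY_CONFIG = """\
enable secret 5 $1$PLACEHOLDER
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
"""

SERVER_RE = re.compile(r"^(tacacs-server host|radius-server host|tacacs server|radius server)\b")
LOGIN_LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")


def parse_methods(spec: str) -> List[str]:
    """Turn 'group tacacs+ local' into ['group tacacs+', 'local']."""
    tokens = spec.split()
    methods: List[str] = []
    i = 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append(f"group {tokens[i + 1]}")  # keep 'group <name>' as one method
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def parse_line_blocks(config: str) -> Dict[str, List[str]]:
    """Map each 'line con 0' / 'line vty 0 4' header to its indented sub-commands."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_aaa(config: str) -> List[str]:
    """Return a list of findings; an empty list means the config matches the pattern."""
    findings: List[str] = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]

    if "aaa new-model" not in top:
        findings.append("aaa new-model missing: AAA is off, lines use per-line passwords")
    if not any(SERVER_RE.match(l) for l in top):
        findings.append("no tacacs/radius server configured: nothing central to authenticate against")

    # Collect every 'aaa authentication login <list> <methods...>' line.
    login_lists: Dict[str, List[str]] = {}
    for l in top:
        m = LOGIN_LIST_RE.match(l)
        if m:
            login_lists[m.group(1)] = parse_methods(m.group(2))
    if not login_lists:
        findings.append("no 'aaa authentication login' list defined")
    for name, methods in login_lists.items():
        if not methods or not methods[0].startswith("group "):
            findings.append(f"login list '{name}' does not try a server group first: {methods}")
        if "local" not in methods:
            findings.append(f"login list '{name}' has no 'local' fallback: lockout if the server is unreachable")
        if "none" in methods:
            findings.append(f"login list '{name}' contains 'none': unauthenticated access is possible")

    # With aaa new-model, a line without 'login authentication' uses the 'default' list.
    for header, cmds in parse_line_blocks(config).items():
        applied = next((c.split()[-1] for c in cmds if c.startswith("login authentication ")), "default")
        if applied not in login_lists:
            findings.append(f"{header}: login list '{applied}' is not defined")
        if any(c.startswith("password ") for c in cmds):
            findings.append(f"{header}: per-line password present; it must be rotated on every device by hand")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("legacy", LEGACY_CONFIG)):
        print(label, audit_aaa(cfg) or "OK")
```

Run it over a directory of collected configs and the findings list per device is the to-do list for the migration the thread describes; the `local` fallback check matters because the same change that centralizes passwords also makes the device depend on reaching the server.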