Cisco Support Community

New Member

aaa authentication

Can anyone tell me the benefits of using this in my switches and routers, rather than using normal vty and enable logins etc.?


New Member

Re: aaa authentication

Imagine u have 20 devices and u use the same password for all devices. One day u need to change the password for all devices; if u don't use aaa u will make it manually 20 times :-(

If u use aaa u just change it one time in aaa server :-)

Re: aaa authentication


To quote from the AAA overview at:

AAA provides the following benefits:

-Increased flexibility and control of access configuration


-Standardized authentication methods, such as RADIUS, TACACS+, and Kerberos

-Multiple backup systems

If you only have a couple of switches and routers and you are the only admin then there probably isn't much point - but if you have a lot of devices, a lot of users and whole bunch of different access requirements then being able to control all access from one single point is a huge time-saver.



New Member

Re: aaa authentication

Hi carl!

You have lots of reasons to use it!

The most important one is that AAA supports TACACS+, RADIUS, and Kerberos.

Also AAA provides scalability. AAA configurations rely on a server to store usernames and passwords. So you don't have to create local databases and update on every router. One point of administration. By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.

You can find more information about AAA by hitting the following link...


Re: aaa authentication


U have a large setup. There are different levels of engineers who should have different levels of access to the router. Even they should have different user-names and passwords. Here AAA comes into the picture.

There is no downside of AAA.

Pls rate helpful posts.



New Member

Re: aaa authentication

Thanks all for your replies. How would I create a server, and would I have to point to this server on each device?


New Member

Re: aaa authentication


Could u pls provide us a link that contains a scenario about the ACS Administration & Configuration.

I have this version: Cisco.Secure.ACS.v3.2.


Re: aaa authentication

Hi Carl,

You can use any Unix machine and configure it as a Tacacs+ server. This method needs you to configure the strings required.

Another easy solution is the Cisco ACS server.

This server comes with a preloaded ACS application which is capable of running both Tacacs+ & Radius. It's GUI based and very easy to use.

For the answer to your second question...yes, you have to configure the following commands on every device u want to authenticate using tacacs+.

aaa new-model

tacacs-server host x.x.x.x key xxxx

aaa authentication login default tacacs+ local

! Local credentials, used if the device cannot connect to the TACACS+ server

username adminXX privilege 15 password xxxxx

line con 0

login authentication default

line vty 0 4

login authentication default
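
As an added example (not part of any post in this thread), a small Python check that a saved configuration follows the pattern in the reply above: AAA enabled, a TACACS+ host defined, and every line resolving to a login list that tries tacacs+ first and then local, with a local user present. It recognizes only the command forms shown in the thread; the sample config, the VTY-ONLY list and the helper name audit_aaa are constructed for illustration.

```python
import re

# Constructed sample: the thread's commands plus a hypothetical list VTY-ONLY.
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host x.x.x.x key xxxx
aaa authentication login default tacacs+ local
aaa authentication login VTY-ONLY tacacs+
username adminXX privilege 15 password xxxxx
line con 0
 login authentication default
line vty 0 4
line vty 5 15
 login authentication VTY-ONLY
"""

def audit_aaa(config):
    """Return findings; an empty list means the thread's pattern holds."""
    findings, lists, sections, top, current = [], {}, {}, [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                          # blank line or IOS comment
        if raw[0].isspace():                  # sub-command of the open section
            if current:
                sections.setdefault(current, []).append(raw.strip())
            continue
        line = raw.strip()
        top.append(line)
        current = line if line.startswith("line ") else None
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:
            lists[m.group(1)] = m.group(2).split()
    if "aaa new-model" not in top:
        findings.append("aaa new-model is not enabled")
    if not any(l.startswith("tacacs-server host ") for l in top):
        findings.append("no tacacs-server host defined")
    has_user = any(l.startswith("username ") for l in top)
    for line in (l for l in top if l.startswith("line ")):
        # Assumption: a line with no explicit method list uses "default".
        name = next((s.split()[2] for s in sections.get(line, [])
                     if s.startswith("login authentication ")), "default")
        methods = lists.get(name)
        if methods is None:
            findings.append(f"{line}: method list {name} is not defined")
        elif methods[0] != "tacacs+" or "local" not in methods[1:]:
            findings.append(f"{line}: list {name} is not tacacs+ then local")
        elif not has_user:
            findings.append(f"{line}: local fallback but no local username")
    return findings
```

On the sample, the only finding is the vty 5 15 range, whose list has no local fallback and would leave those lines unusable while the TACACS+ server is unreachable.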