Cisco Support Community

New Member

aaa authentication

Can anyone tell me the benefits of using this in my switches and routers, rather than using normal vty and enable logins etc.?

cheers

7 REPLIES
New Member

Re: aaa authentication

Imagine you have 20 devices and you use the same password for all devices. One day you need to change the password for all devices; if you don't use AAA you will do it manually 20 times :-(

If you use AAA you just change it one time in the AAA server :-)

Re: aaa authentication

Hi,

To quote from the AAA overview at:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a7.html

AAA provides the following benefits:

-Increased flexibility and control of access configuration

-Scalability

-Standardized authentication methods, such as RADIUS, TACACS+, and Kerberos

-Multiple backup systems

If you only have a couple of switches and routers and you are the only admin then there probably isn't much point - but if you have a lot of devices, a lot of users and whole bunch of different access requirements then being able to control all access from one single point is a huge time-saver.

HTH

Andrew.

New Member

Re: aaa authentication

Hi Carl!

You have lots of reasons to use it!

The most important one is that AAA supports TACACS+, RADIUS, and Kerberos.

Also, AAA provides scalability. AAA configurations rely on a server to store usernames and passwords, so you don't have to create local databases and update them on every router. One point of administration. By centralizing the username/password database, AAA makes it possible to enter, update, and store information in one place.

You can find more information about AAA by hitting the following link...

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfaaa.htm

Regards..

Re: aaa authentication

Hi

You have a large setup. There are different levels of engineers who should have different levels of access to the router. They should even have different usernames and passwords. This is where AAA comes into the picture.

There is no downside of AAA.

Pls rate helpful posts.

Regards

JD

New Member

Re: aaa authentication

Thanks all for your replies. How would I create a server, and would I have to point to this server on each device?

cheers

New Member

Re: aaa authentication

Hi

Could you please provide us a link that contains a scenario about the ACS Administration & Configuration?

I have this version: Cisco.Secure.ACS.v3.2.

10xs

Re: aaa authentication

Hi Carl,

You can use any Unix machine and configure it as a TACACS+ server. This method needs you to configure the strings required.

Another easy solution is the Cisco ACS server.

This server comes with a preloaded ACS application which is capable of running both TACACS+ and RADIUS. It's GUI based and very easy to use.

For the answer to your second question... yes, you have to configure the following commands on every device you want to authenticate using TACACS+.

aaa new-model
tacacs-server host x.x.x.x key xxxx
aaa authentication login default tacacs+ local
! Local credentials, used if the device cannot connect to the TACACS+ server
username adminXX privilege 15 password xxxxx
line con 0
 login authentication default
line vty 0 4
 login authentication default

HTH

Narayan
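
As an added example (not part of the thread and not Cisco tooling), here is a Python check that reads a saved running-config and verifies the pattern from the reply above: AAA enabled, a TACACS+ server defined, and every console/vty line bound to a method list that tries TACACS+ first and falls back to a local user that actually exists. The function name `audit_aaa`, the list name `MGMT` and the sample config are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device): the vty lines point at
# a method list that was never defined, and no local user exists.
SAMPLE = """\
aaa new-model
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
aaa authentication login default tacacs+ local
line con 0
 login authentication default
line vty 0 4
 login authentication MGMT
"""

def audit_aaa(config):
    """Return findings for one device config; an empty list means it passed."""
    rows = config.splitlines()
    cmds = [r.strip() for r in rows]
    findings = []
    for need in ("aaa new-model", "tacacs-server host "):
        if not any(c.startswith(need) for c in cmds):
            findings.append(f"missing: {need.strip()}")
    # Method lists by name; the optional 'group' keyword of newer syntax is dropped.
    pat = re.compile(r"aaa authentication login (\S+) (.+)")
    lists = {m[1]: [t for t in m[2].split() if t != "group"]
             for m in map(pat.match, cmds) if m}
    # Which list each console/vty line uses ('default' unless one is named).
    used, current = {}, None
    for r in rows:
        if r.startswith("line "):
            current = r.strip()
            used[current] = "default"
        elif current and r.startswith(" "):
            m = re.match(r"login authentication (\S+)", r.strip())
            used[current] = m[1] if m else used[current]
        else:
            current = None
    has_user = any(c.startswith("username ") for c in cmds)
    for line, name in used.items():
        methods = lists.get(name)
        if methods is None:
            findings.append(f"{line}: list {name} not defined")
        elif methods[:1] != ["tacacs+"]:
            findings.append(f"{line}: list {name} does not try tacacs+ first")
        elif "local" not in methods[1:]:
            findings.append(f"{line}: list {name} has no local fallback")
        elif not has_user:
            findings.append(f"{line}: local fallback but no username configured")
    return findings
```

Running `audit_aaa` over the saved config of each device gives one list of findings per device, which makes drift from the intended login policy visible across the whole estate.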
