
AAA sample config

Here is a sample of AAA configuration for switches and routers:

1)   AAA Authentication

Here is a sample config for AAA authentication including banner and TACACS+ server.

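enable secret CISCO
!
aaa new-model
aaa authentication password-prompt "Password:"
aaa authentication username-prompt "Username:"
! Console logins use the local user database only
aaa authentication login CONSOLE local
! VTY logins try TACACS+ first; local users are used only if no server responds
aaa authentication login VTY group tacacs+ local
! Enable authentication: TACACS+ first, then the enable secret if no server responds
aaa authentication enable default group tacacs+ enable
!
! "password 0" keeps the value unencrypted in the config; "username ... secret" stores a hash
username ADMIN password 0 CISCO
tacacs-server host 1.1.1.1
tacacs-server directed-request
tacacs-server key CISCO
!
line con 0
 login authentication CONSOLE
line vty 0 4
 ! Not consulted: the VTY method list has no "line" method
 password CISCO
 login authentication VTY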

2)   AAA authorization

Here is a sample AAA authorization config for exec access using TACACS+:

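aaa new-model
! Exec authorization is not applied to the console unless this is set
aaa authorization console
aaa authorization exec default none
aaa authorization exec CONSOLE group tacacs+ local
! if-authenticated: if no TACACS+ server responds, any authenticated user is authorized
aaa authorization exec VTY group tacacs+ if-authenticated
line con 0
 authorization exec CONSOLE
line vty 0 4
 authorization exec VTY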
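An offline check for the configs in sections 1 and 2, added here as an example (it is not part of the original post or any Cisco tool): it cross-checks every method list applied under a `line` block against the `aaa authentication login` / `aaa authorization exec` lists that are actually defined, and flags credentials entered without an encryption-type prefix. The `audit` function, the finding strings and the `VTYS` typo in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample: the page's section 1 and 2 commands merged, with one
# deliberate typo ("VTYS") so the cross-check has something to report.
SAMPLE = """\
aaa new-model
aaa authentication login CONSOLE local
aaa authentication login VTY group tacacs+ local
aaa authorization exec CONSOLE group tacacs+ local
aaa authorization exec VTY group tacacs+ if-authenticated
username ADMIN password 0 CISCO
tacacs-server key CISCO
line con 0
 login authentication CONSOLE
 authorization exec CONSOLE
line vty 0 4
 password CISCO
 login authentication VTYS
 authorization exec VTY
"""

DEFINE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) ")
APPLY = re.compile(r"^(login authentication|authorization exec) (\S+)$")
# Credentials entered without an encryption-type prefix (7, or 6 for keys).
CLEARTEXT = {
    "username password": re.compile(r"^username \S+ password (?!7 )"),
    "line password": re.compile(r"^password (?!7 )"),
    "tacacs-server key": re.compile(r"^tacacs-server key (?![67] )"),
}

def audit(config):
    """Return findings for unresolved method lists and cleartext credentials."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    defined = set()
    for l in lines:  # pass 1: named method lists, keyed by (service, name)
        m = DEFINE.match(l)
        if m:
            defined.add((m.group(1).split()[0], m.group(2)))
    findings, ctx = [], None
    for l in lines:  # pass 2: line blocks and credentials
        if l.startswith("line "):
            ctx = l
        m = APPLY.match(l)
        if ctx and m:
            kind = "authentication" if m.group(1).startswith("login") else "authorization"
            if m.group(2) != "default" and (kind, m.group(2)) not in defined:
                findings.append(f"{ctx}: {kind} list {m.group(2)} is not defined")
        findings += [f"cleartext credential: {k}" for k, rx in CLEARTEXT.items() if rx.match(l)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

List names are compared exactly as written, so `VTY` and `VTYS` are treated as different lists.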


3)   AAA command authorization

Here is a sample config so that users with privilege level 7 can access only the following commands:

privilege exec level 7 configure terminal
privilege exec level 7 debug ip rip
privilege exec level 7 undebug all
privilege exec level 7 show running-config
privilege configure level 7 interface
privilege interface level 7 shutdown
privilege interface level 7 no shutdown
privilege interface all level 7 ip
