AAA authentication on a Cisco device

  Type the following commands in configuration mode:

  username cisco password cisco

  aaa new-model

  aaa authentication login vty.authen group tacacs+ local none

  tacacs-server host 192.168.127.233 key cisco

  radius-server host 192.168.127.233 key cisco

  line vty 0 15

  password ppp

  login authentication vty.authen

  *** To set up the ACS correctly, create the username Devin on it and enter this device as a client on the ACS.

  Because the method list is vty.authen group tacacs+ local none, authentication first tries the ACS TACACS+ server; if that is not successful, it falls back to the local username/password. If the local database does not have the username/password either, the last method, none, lets the login through without any authentication.

  Test:

  1. With the network between the client and the ACS broken, we can log in to this router as PPP without a password; we can also log in as devin without a password. Finally, to log in as cisco we need the password cisco.

  2. If the network is OK, only the ACS is used for authentication, so devin is the only way to log in.
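
  The method-list walk and both tests above, modelled in Python as an added example (not part of the original post and not Cisco code). The ACS password for devin is a constructed placeholder, and treating an unknown local username as an error that moves on to the next method is an assumption taken from the result of test 1.

```python
# Added example: a model of how the login method list from this page is walked.
# PASS/FAIL/ERROR, login() and the ACS password are illustrative names/values.
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

LOCAL_USERS = {"cisco": "cisco"}        # username cisco password cisco
ACS_USERS = {"devin": "devin-secret"}   # constructed ACS account (placeholder password)


def tacacs(user, password, acs_reachable):
    """group tacacs+: ERROR when the server cannot be reached, else a verdict."""
    if not acs_reachable:
        return ERROR
    return PASS if ACS_USERS.get(user) == password else FAIL


def local(user, password, acs_reachable):
    """local: an unknown username is modelled as ERROR (assumption from test 1)."""
    if user not in LOCAL_USERS:
        return ERROR
    return PASS if LOCAL_USERS[user] == password else FAIL


def none(user, password, acs_reachable):
    """none: lets the session in with no credential check at all."""
    return PASS


METHOD_LIST = [("group tacacs+", tacacs), ("local", local), ("none", none)]


def login(user, password, acs_reachable, methods=METHOD_LIST):
    """Return (allowed, deciding_method); only ERROR moves to the next method."""
    for name, method in methods:
        verdict = method(user, password, acs_reachable)
        if verdict != ERROR:
            return verdict == PASS, name
    return False, None  # every method errored: access is refused


if __name__ == "__main__":
    cases = [("ppp", "", False), ("devin", "", False), ("cisco", "wrong", False),
             ("cisco", "cisco", False), ("devin", "devin-secret", True),
             ("cisco", "cisco", True)]
    for user, pw, up in cases:
        print(f"ACS {'up' if up else 'down'} {user!r}/{pw!r}: {login(user, pw, up)}")
    hardened = METHOD_LIST[:2]  # the same list without the trailing "none"
    print("without none, ACS down, 'ppp':", login("ppp", "", False, hardened))
```

  The last line of output shows the same list with the trailing none dropped: with the ACS unreachable, only the local account cisco can still log in.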

 
