10-22-2010 12:12 PM - edited 03-10-2019 05:31 PM
I've been asked to place the appropriate commands in my 4509 to allow access for TACACS, but none of the commands are working. Some of them I can't even find in the IOS. Need help.
authorization commands 15 ENT
accounting commands 15 ENT
login authentication ENT
Jonathan,
10-22-2010 12:22 PM
Do you mean
aaa authentication...
aaa authorization commands 15 ENT
aaa accounting commands 15 ENT
Make sure you do "aaa new-model" before you try to use aaa commands.
I hope it helps.
PK
10-23-2010 12:41 AM
Hi Jonathan,
Are you running IOS or CATOS on the 4509?
Which release?
Are you trying to configure login authentication using a TACACS server?
Cheers
Marco
10-23-2010 09:11 AM
I am running regular IOS.
10-24-2010 11:21 PM
You can find many configuration guides on the Cisco website for AAA on IOS, for example:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html
In your case, a basic configuration will be:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
tacacs-server host x.x.x.x key yyyyy
The "local" keyword means that if the Tacacs server does not reply or it's misconfigured, you can use the local database to authenticate. In this way, if the tacacs server is down, you can still access the switch.
You can add users to the local database with the command "username .... password ...."
Cheers
Marco
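An added example, not part of the thread: a small Python audit of IOS configuration text for the failure modes discussed above, namely `aaa new-model` missing, line-level commands that name a method list (such as ENT) that is never defined globally, and a `local` fallback with no local user behind it. The sample configuration, the address 192.0.2.10, the key and the function name `audit_aaa` are constructed for illustration, and the server check only recognizes the `tacacs-server host` form used in the thread.

```python
import re

# Constructed sample (not from the thread): the vty lines reference a list
# named ENT that is never defined, and "local" has no local user behind it.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
line vty 0 4
 login authentication ENT
 authorization commands 15 ENT
 accounting commands 15 ENT
"""

# Global definitions of method lists, and line-level references to them.
DEFINE = re.compile(r"aaa (authentication login|authorization commands \d+|"
                    r"accounting commands \d+) (\S+) (.+)")
USE = re.compile(r"(login authentication|authorization commands \d+|"
                 r"accounting commands \d+) (\S+)$")

def audit_aaa(config):
    """Return a list of findings for IOS configuration text."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]  # global-mode commands
    findings, defined, methods = [], set(), ""
    if "aaa new-model" not in top:
        findings.append("aaa new-model missing")
    for l in top:
        m = DEFINE.match(l)
        if m:
            defined.add((m.group(1), m.group(2)))
            methods += " " + m.group(3)
    for l in lines:
        m = USE.match(l.strip()) if l.startswith(" ") else None
        if m:
            # "login authentication X" refers to "aaa authentication login X"
            kind = "authentication login" if m.group(1).startswith("login") else m.group(1)
            if m.group(2) != "default" and (kind, m.group(2)) not in defined:
                findings.append(f"undefined method list: {l.strip()}")
    if "tacacs+" in methods and not any(l.startswith("tacacs-server host ") for l in top):
        findings.append("group tacacs+ used but no tacacs-server host")
    if "local" in methods.split() and not any(l.startswith("username ") for l in top):
        findings.append("local fallback configured but no local username")
    return findings
```

Running `audit_aaa(SAMPLE)` reports the three undefined ENT references and the missing local user; each finding is resolved by a global `aaa ... ENT ...` definition or a `username` entry.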