08-16-2016 02:54 AM - edited 03-10-2019 11:59 PM
Hello all,
I would like some advice regarding AAA TACACS conf. The conf is working but I am not sure how it works. I have the conf below.
ip ssh version 2
ip domain-name xxx
crypto key generate rsa
aaa new-model
aaa authentication banner ^C
All attempted entries and sessions are logged ^C
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
snmp-server community xxx RO
snmp-server community xxx RW
snmp-server contact Network Team
tacacs-server host xxx
tacacs-server directed-request
tacacs-server key xxx
line con 0
password xxx
line vty 0 15
transport input ssh
The conf t is working absolutely fine, but not sure how this could work without
Line vty 0 15
Login authentication tacacs.
Not sure what I am missing. Could anyone please explain?
Thanks
Nav
08-16-2016 06:15 AM
In the AAA world, there are 2 kinds of lists we use - Named OR Default.
The default method list (which is named "default") is automatically applied to all interfaces except those that have a named method list explicitly defined. A Named method list overrides the default method list.
In your aaa/tacacs configuration, you're using the default method list.
aaa authentication login DEFAULT group tacacs+ local
A typical example of named method list would be
aaa authentication login NAMED group tacacs+ local
and then you have to call this NAMED method list inside the line vty 0 15 like this:
line vty 0 15
login authentication NAMED
Since you're using the default method list, you don't need to define a named one inside the line configuration.
Hope it helps.
Regds,
Jatin
~ Do rate helpful posts.
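Added example (not part of the original posts): a short Python audit helper that resolves which login method list each line ends up using, following the rule described in the answer above. The sample config is constructed; it reuses the NAMED list from the answer and applies it to a hypothetical vty 5 15 range, and the function name is an assumption of this example.

```python
import re

# Constructed sample: the thread's AAA lines, with the NAMED list from the
# answer applied to a hypothetical vty 5-15 range so both cases appear.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login NAMED group tacacs+ local
line con 0
 password xxx
line vty 0 4
 transport input ssh
line vty 5 15
 login authentication NAMED
 transport input ssh
"""

LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$", re.I)
LINE_RE = re.compile(r"^line (.+)$", re.I)
APPLY_RE = re.compile(r"^login authentication (\S+)$", re.I)


def _norm(name):
    # The answer spells the keyword DEFAULT; treat any casing as the default list.
    return "default" if name.lower() == "default" else name


def effective_login_lists(config):
    """Return {line: (list_name, methods)}; methods is None if the list is undefined."""
    lists = {}      # method list name -> ordered authentication methods
    applied = {}    # line -> method list name in effect for login
    current = None  # most recent "line ..." header seen
    for raw in config.splitlines():
        text = raw.strip()
        if (m := LIST_RE.match(text)):
            lists[_norm(m.group(1))] = m.group(2).split()
        elif (m := LINE_RE.match(text)):
            current = m.group(1)
            applied[current] = "default"   # default list applies automatically
        elif current and (m := APPLY_RE.match(text)):
            applied[current] = _norm(m.group(1))  # named list overrides default
    return {line: (name, lists.get(name)) for line, name in applied.items()}


if __name__ == "__main__":
    for line, (name, methods) in effective_login_lists(SAMPLE_CONFIG).items():
        print(f"line {line}: list={name} methods={methods}")
```

A result with methods of None means the line references a list name that the config never defines, which is worth checking before relying on that line's login behaviour.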
08-16-2016 06:34 AM
Ah OK, that makes sense. Thank you very much, mate.
08-16-2016 08:57 AM
Yw, glad you understood the concept. Enjoy!
~ Jatin