Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
0
Helpful
3
Replies

AAA Tacacs Conf

navneethjayaram
Level 1
Level 1

‎08-16-2016 02:54 AM - edited ‎03-10-2019 11:59 PM

Hello all,

I would like some advice regarding AAA tacacs conf.  The conf  is working but I am not sure how it works. I am having the below conf.


ip ssh version 2
ip domain-name xxx
crypto key generate rsa


aaa new-model

aaa authentication banner ^C
All attempted entries and sessions are logged ^C


aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+


snmp-server community xxx RO
snmp-server community xxx RW
snmp-server contact Network Team
tacacs-server host xxx
tacacs-server directed-request
tacacs-server key xxx

line con 0
password xxx
line vty 0 15
transport input ssh

The conf t is working absolutely fine, but not sure how this could work without

Line vty 0 15

Login authentication tacacs.

not sure what I am missing. could anyone please explain.

Thanks

Nav

Labels:
0 Helpful
3 Replies 3

Jatin Katyal
Cisco Employee
Cisco Employee

‎08-16-2016 06:15 AM

In AAA world, there are 2 kind of lists we use - Named OR Default.

The default method list (which is named "default"). The default method list is automatically applied to all interfaces except those that have a named method list explicitly defined. A Named method list overrides the default method list.

In your aaa/tacacs configuration, you're using default method list.

aaa authentication login DEFAULT group tacacs+ local

A typical example of named method list would be

aaa authentication login NAMED group tacacs+ local

and then you have to call this NAMED method list inside the line vty 0 15 like this:

line vty 0 15

login authentication NAMED.

Since you're using default method list, you don't need to define named inside the line configuration.

Hope it helps.

Regds,

Jatin

~ Do rate helpful posts.

~Jatin
0 Helpful

navneethjayaram
Level 1
Level 1
In response to Jatin Katyal

‎08-16-2016 06:34 AM

ah ok.. that makes sense. thank you very much mate. 

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to navneethjayaram

‎08-16-2016 08:57 AM

Yw, glad you understood the concept. Enjoy!

~ Jatin

~Jatin
0 Helpful
Customers Also Viewed These Support Documents