02-02-2010 09:19 PM - edited 03-10-2019 04:55 PM
Hi! I'm trying to configure SSH and AAA in CatOS. Does anyone know what the necessary commands are for what I'm trying to achieve in the commands below? We have that in IOS but are not too sure about CatOS. Thanks.
username admin password xxxxx
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 172.16.1.1 key 7 uoweuouru
tacacs-server host 172.16.1.2 key 7 uoweuouru
ip dhcp snooping vlan 2-4069
ip dhcp snooping
ip domain name hellodomain
crypto key generate rsa
ip ssh version 1
line vty 0 15
access-class 20 out
transport input ssh
exit
02-03-2010 12:20 AM
Hi,
As per the configuration, you have configured access-class out, which means "Restricts outgoing connections between a particular Cisco device and the addresses in the access list."
The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:
access-list 12 permit 192.89.55.0 0.0.0.255
line 1 5
access-class 12 in
I would suggest configuring access-class in, then checking that you are able to log in to the Cisco devices.
Hope that helps.
If helpful do rate the post
Ganesh.H
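An added example, not part of the original thread: a small Python check that reads an IOS-style configuration and reports vty lines whose access-class is applied only in the out direction, so incoming management sessions are not filtered. The sample configuration is constructed, modelled on the vty settings in the question, and the function names are hypothetical.

```python
import re

# Constructed sample in "show running-config" layout (sub-commands indented),
# modelled on the vty settings posted in the question.
SAMPLE_CONFIG = """\
access-list 20 permit 172.16.1.0 0.0.0.255
line con 0
line vty 0 4
 access-class 20 out
 transport input ssh
line vty 5 15
 access-class 20 in
 transport input ssh
"""

LINE_RE = re.compile(r"^line\s+(.+)$")
ACL_RE = re.compile(r"^access-class\s+(\S+)\s+(in|out)\b")


def parse_line_blocks(config):
    """Return {line header: {"in": acl or None, "out": acl or None}}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():          # top-level command starts a new context
            m = LINE_RE.match(raw.strip())
            current = m.group(1) if m else None
            if current:
                blocks[current] = {"in": None, "out": None}
            continue
        m = ACL_RE.match(raw.strip())     # indented sub-command of the current block
        if current and m:
            blocks[current][m.group(2)] = m.group(1)
    return blocks


def vty_without_inbound_acl(config):
    """List vty ranges whose access-class does not filter incoming sessions."""
    findings = []
    for header, acl in parse_line_blocks(config).items():
        if header.startswith("vty") and acl["in"] is None:
            findings.append((header, acl["out"]))
    return findings


if __name__ == "__main__":
    for header, out_acl in vty_without_inbound_acl(SAMPLE_CONFIG):
        note = f"only outbound ACL {out_acl}" if out_acl else "no access-class"
        print(f"line {header}: incoming sessions unfiltered ({note})")
```

The parser relies on the indentation that `show running-config` output uses for sub-commands; a configuration pasted without indentation needs it restored first.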