06-01-2012 01:07 PM - edited 03-04-2019 04:32 PM
Hi Experts
How to configure a 1900 router for local AAA and only allow SSH to it?
thanks
jamil
06-01-2012 02:03 PM
For local AAA:
aaa new-model
aaa authentication login default local
username user privilege 15 secret password (for access directly to privileged exec - security concern here)
or
username user secret password (requires that you type in enable secret)
For SSH:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
06-01-2012 02:08 PM
Thanks for your reply
06-02-2012 06:49 AM
Jamil,
In addition to what was posted about the aaa config, you can restrict to using ssh on the line itself:
line vty 0 4
transport input ssh
HTH,
John
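A way to check a saved running-config against the settings from the two replies above, as an added example that is not from any poster in this thread. The function name `audit`, the `SAMPLE_CONFIG` text and its usernames are constructed for illustration; a VTY block with no `transport input` line is reported because the script cannot confirm it is SSH-only.

```python
import re

# Constructed sample running-config (not from the thread): vty 0 4 is locked to
# SSH as in the replies above, but a second vty range still accepts telnet.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
username user privilege 15 secret 5 $1$constructed$hash
username oper password 0 cleartext
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit(config: str) -> list[str]:
    """Return findings for the local-AAA / SSH-only settings discussed above."""
    findings = []
    lines = config.splitlines()
    if "aaa new-model" not in (l.strip() for l in lines):
        findings.append("aaa new-model is missing")
    if not re.search(r"^aaa authentication login default\b.*\blocal\b", config, re.M):
        findings.append("default login method list does not include local")
    for m in re.finditer(r"^username (\S+)(.*)$", config, re.M):
        name, rest = m.group(1), m.group(2)
        # First keyword wins, so a secret whose value is "password" is not misread.
        kw = next((t for t in rest.split() if t in ("password", "secret")), None)
        if kw == "password":
            findings.append(f"user {name}: uses 'password' instead of 'secret'")
        if re.search(r"\bprivilege 15\b", rest):
            findings.append(f"user {name}: logs in directly at privilege 15")
    # Walk each 'line vty' block; indented lines belong to the block above them.
    block, transport = None, {}
    for l in lines:
        if not l.startswith(" "):  # a top-level command starts a new block
            block = l.strip() if l.startswith("line vty") else None
            if block:
                transport[block] = None
        elif block and l.strip().startswith("transport input"):
            transport[block] = l.split()[2:]
    for block, protos in transport.items():
        if protos != ["ssh"]:
            shown = " ".join(protos) if protos else "not set"
            findings.append(f"{block}: transport input is {shown}, expected ssh only")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of `show running-config` saved to a file; every `line vty` range present on the router is checked, not only `0 4`.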
06-07-2012 10:54 PM
Hi
I have Cisco ACS 5.2 with all default method applied to all lines. Do I need anything on the ACS?
thanks
06-09-2012 11:11 AM
Since you have configured authentication locally, you don't need any configuration on the ACS 5.2.
However, in case you would like to authenticate users from a TACACS server, all you need is:
- Create an AAA client with authentication method as TACACS
- Under Default admin access you may create a separate rule for TACACS authentication; otherwise set the default rule to PERMIT and that would work for you.
Hope it helps.
Regards,
Jatin
Do rate helpful posts-