local AAA Config on 1900

Ibrahim Jamil · ‎06-01-2012

Hi Experts

how to configure 1900 router for local AAA and only allow ssh to it

thanks

jamil

cflory · ‎06-01-2012

For local AAA:

aaa new-model
aaa authentication login default local
username user privilege 15 secret password (for access directly to privileged exec -security concern here)

or

username user secret password (requires that you type in enable secret)

For SSH:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Ibrahim Jamil · ‎06-01-2012

thanks for ur reply

John Blakley · ‎06-02-2012

Jamil,

In addition to what was posted about the aaa config, you can restrict to using ssh on the line itself:

line vty 0 4

transport input ssh

HTH,

John

HTH, John *** Please rate all useful posts ***

Ibrahim Jamil · ‎06-07-2012

hi

i have cisco acs 5.2 with all all default methode applied to all lines, do i need any thing on the acs?

thanks

Jatin Katyal · ‎06-09-2012

Since you have configured authentication locally so in that case you don't need any configuration on the ACS 5.2.

However, in case you would like to authenticate users from tacacs server, all you need is

- Create AAA client with authentication method as TACACS

- Under Defalut admin access you may create a seprate rule for tacacs authentication otherwise set the default rule to PERMIT and that would work for you.

Hope it helps.

Regards,

Jatin

Do rate helpful posts-

~Jatin