
aaa on routers

Can anyone tell me how I would get my switches/routers etc. to ask for a username? Do I just type new aaa model, then aaa username xxxxx password xxxx?

4 REPLIES 4
Highlighted
Beginner

Hi carl:

Try this:

router(config)#username xxx password xxx

router(config)#aaa new-model

router(config)#aaa authentication login default local

I hope it helps (rate if it does)

Regards

Alberto Giorgi from Spain

Highlighted

You could add "aaa authorization exec default local", in order to skip the enable password.

Highlighted

Would I not type aaa new model first, then do the username and password etc.? Also, when setting up a router from default I get username and password anyway even though aaa is not configured. Would this be the normal vty password? If so, where is the username config?

Thanks

Highlighted
Beginner

I have found the best practice is to change the context of the username/password so I know when the authentication has gone back to local authentication, ACS, or another TACACS+/RADIUS box. Also, I have always cleared the AAA configuration before reapplying the new and improved configuration. Make sure you have the correct passwords (enable, vty, console, enable secret, username) before performing this function. Do not save the configuration to memory until you have successfully completed a functional test.

This would be an example of my recommendation: use TACACS+ as primary authentication and use local on failover. *Note: I have changed the username prompt to lower case when the process resorts to local username authentication:

username xxxxxxx password yyyyyyyy

no aaa new-model

aaa new-model

aaa authentication password-prompt password:

aaa authentication username-prompt username:

aaa authentication login default group tacacs+ local

aaa authentication login no_tacacs local

aaa authentication login ppp group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+
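
An added example, not part of the thread or any poster's code: a small Python pre-check to run over a saved configuration before applying it, confirming that every login/exec method list that falls back to local has a local username behind it and that a TACACS+ list has a fallback at all. The sample input is taken from the last reply's configuration; the function names are illustrative assumptions.

```python
import re

# Constructed sample: lines taken from the configuration in the last reply.
SAMPLE_CONFIG = """\
username xxxxxxx password yyyyyyyy
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs local
aaa authentication login ppp group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
"""

# Only login and exec-authorization lists decide whether an admin can get in.
LIST_RE = re.compile(r"^aaa (authentication login|authorization exec) (\S+) (.+)$")


def parse_methods(tokens):
    """Turn ['group', 'tacacs+', 'local'] into ['group tacacs+', 'local']."""
    methods, it = [], iter(tokens)
    for tok in it:
        methods.append(f"group {next(it, '')}".strip() if tok == "group" else tok)
    return methods


def audit(config):
    """Return lockout-risk findings for the AAA method lists in a config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    has_local_user = any(l.startswith("username ") for l in lines)
    for line in lines:
        m = LIST_RE.match(line)
        if not m:
            continue
        kind, name = m.group(1), m.group(2)
        methods = parse_methods(m.group(3).split())
        # 'local' is only a usable fallback if a local account exists.
        if "local" in methods and not has_local_user:
            findings.append(f"{kind} {name}: uses local but no username is defined")
        # A lone server group means no way in when the server is unreachable.
        if methods[0].startswith("group ") and len(methods) == 1:
            findings.append(f"{kind} {name}: no fallback if {methods[0]} is unreachable")
    return findings
```

An empty result means the method lists pass these two checks; it does not replace the functional login test recommended above before saving the configuration.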
