08-10-2011 09:40 AM
Hi everyone,
I´m looking for how can I configure AAA authenticacion on ASR9K.
I have a TACACS+ server
Thanks and regards,
Jaime.
08-10-2011 12:54 PM
Hi Jaime,
I would suggest to start here:
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/security/configuration/guide/sc37aaa.html
08-10-2011 01:18 PM
Hi Jaime,
here is the basic configuration:
tacacs-server host
key 7
aaa group server tacacs+ acs-group
server
!
aaa authentication login acs-auth group acs-group local
!
line console
login authentication acs-auth
!
line default
login authentication acs-auth
!
An example:
RP/0/RSP1/CPU0:router#sh run tacacs-server
tacacs-server host 1.1.1.1 port 49
key 7 0822455D0A16544541
!
RP/0/RSP1/CPU0:router#sh run aaa group server tacacs+
aaa group server tacacs+ acs-group
server 1.1.1.1
!
RP/0/RSP1/CPU0:router#sh run aa authentication
aaa authentication login acs-auth group acs-group local
!
RP/0/RSP1/CPU0:router#sh run line default
line default
login authentication acs-auth
exec-timeout 0 0
!
08-10-2011 01:34 PM
Thanks a lot.
Regards,
Jaime.
08-23-2011 09:40 AM
If you're ready for the next level, you may want to check out this refernece also:
https://supportforums.cisco.com/docs/DOC-15944
xander
Xander Thuijs - CCIE #6775
Sr Tech Lead ASR9000
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide