AAA in networking terminology is an abbreviation for Authentication, Authorization and Accounting.
AAA keeps the network secure by ensuring that only legitimate users are authenticated, that those users can reach only the network resources they are entitled to, and that their activity is logged as they go about their business.
CONFIGURING AAA IN STEPS:
In this post we will configure AAA on a Cisco IOS router, with two prerequisites to keep in mind:
Step 1: Create a backup user account
Step 2: Enable AAA
Step 4: Define the AAA method list
We need to define a method list which instructs the router to use AAA authentication for terminal logins.
aaa authentication login: specifies that the parameters that follow are used for user login authentication. The word default is used in place of a custom name for the list (you can define only one default list for each AAA function).
group tacacs+: means “use all configured TACACS+ servers.”
local: defines a secondary authentication mechanism; it instructs the router to fail over to locally defined user accounts if none of the authentication servers in the first method are reachable.
The above method list handles only the authentication aspect of AAA. By itself, this list only allows us to authenticate as a user with privilege level 1 (user exec mode).
To communicate a heightened privilege level (e.g. privilege level 15, or “enable mode”) from the TACACS+ server, we also need to define an authorization method list.
Step 5: Enforcing AAA authentication on terminal lines
Note: These commands won’t be visible in the running configuration.
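The steps above, assembled into one IOS configuration. This is an added example, not the original post's configuration. The account name backup-admin, the server address 192.0.2.10 (a documentation address), the legacy single-line tacacs-server host form, the vty range 0 4 and the bracketed secrets are assumptions or placeholders.

```cisco
! Added example: names, addresses and secrets below are placeholders.
!
! Step 1: local backup account, used only when no TACACS+ server answers
username backup-admin privilege 15 secret <LOCAL-SECRET-PLACEHOLDER>
!
! Step 2: enable AAA
aaa new-model
!
! TACACS+ server definition (assumed here; legacy single-line syntax)
tacacs-server host 192.0.2.10 key <TACACS-KEY-PLACEHOLDER>
!
! Step 4: authentication method list
!   group tacacs+ = try all configured TACACS+ servers first
!   local         = fall back to local accounts if no server is reachable
aaa authentication login default group tacacs+ local
!
! Authorization method list, so the server can return a privilege
! level (for example 15) instead of leaving the user at level 1
aaa authorization exec default group tacacs+ local
!
! Step 5: enforce the method list on the terminal lines.
! "default" is the list IOS applies anyway, which is why these
! line commands do not show up in the running configuration.
line console 0
 login authentication default
line vty 0 4
 login authentication default
```

Keep the existing session open and test a login from a second session before saving, so a mistake in the method list cannot lock you out. The local fallback is used only when no server responds, not when a server rejects the credentials.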