AAA logins Authentication

[Edward999]

Hi Can anyone tell me what is AAA logins authentication? i need to implement on cisco router. Do i need a server?

i need to configure AAA logins authentication on line con 0 and vty line.

router(config)#line con 0
router(config-line)#login authentication default
router(config-line)# exit

Please help....

thx for any reply

 

[vipergg]

Nothing needed at the interface level at the global level use the following . I would certainly try it on a test box first because if something is not right you can lock yourself out of the box. Yes you need a server running tacacs plus then you point all your network devices to that to authenticate. Go to cisco.com and search on configuring tacacs .

aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication login vty line group tacacs+
aaa authentication enable default group tacacs+ enable

tacacs-server host xxx.xxx.xxx.xxx (tacacs server address)
no tacacs-server directed-request
tacacs-server key XXXXXXXXXXXXX

 

[ADB100]

You can also obviously use RADIUS instead of TACACS+ - not as secure since only passwords are encrypted in the conversations between the RADIUS clients & server but still does the job of authenticating users. (TACACS+ encrypts the whole packet)

I use Microsoft IAS (RADIUS Server that is included in Windows 2000 or 2003 Server) to authenticate users against Active Directory and it works excellently.

Andy