PPP authentication method lists are applied to
interfaces with the ppp authentication {default | list-name} command. Each list contains up to four authentication methods, which are
tried in order when a user attempts to log in over the serial interface. If no named list is
applied to an interface with the ppp authentication
command, a default list can be specified with the default keyword
followed by the methods.
If authentication isn’t specifically set for a line, the default
is to deny access and no authentication is performed. Use the show
running-config command to display currently configured lists of
authentication methods.
The following example builds on the previous named list example and
adds a PPP authentication list named PPP-access. This
list first tries to contact a TACACS+ server. If no TACACS+ server is
found, the user is allowed access with no authentication.
Rtr1(config)#aaa new-model
Rtr1(config)#tacacs-server host 192.168.1.4
Rtr1(config)#tacacs-server key seattle19
Rtr1(config)#aaa authentication login XYZ-access group tacacs+ enable none
Rtr1(config)#aaa authentication ppp PPP-access group tacacs+ none
Rtr1(config)#interface serial 0/1
Rtr1(config-if)#encapsulation ppp
Rtr1(config-if)#ppp authentication PPP-access
The following example creates the same list, but sets it as the
default list used for all login authentications if no other list is specified,
and adds the if-needed method.
Rtr1(config)#username last password hope
Rtr1(config)#aaa new-model
Rtr1(config)#tacacs-server host 192.168.1.4
Rtr1(config)#tacacs-server key seattle19
Rtr1(config)#aaa authentication login default group tacacs+ local enable none
Rtr1(config)#aaa authentication ppp default if-needed group tacacs+ none
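The check below is an added example, not part of the original text or of any Cisco tool. It audits configuration written in the command forms shown above for method lists that fall through to none and for interfaces that reference a PPP list that is not defined. The function names and the sample configuration are constructed, and it assumes list names are matched case-sensitively.

```python
import re

# Constructed sample in the page's command forms (not captured from a router).
# The interface line mistypes the case of the list name on purpose.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login XYZ-access group tacacs+ enable none
aaa authentication ppp PPP-access group tacacs+ none
aaa authentication ppp default if-needed group tacacs+ local
interface Serial0/1
 encapsulation ppp
 ppp authentication ppp-access
"""

AAA_RE = re.compile(r"^aaa authentication (login|ppp) (\S+) (.+)$")
PPP_IF_RE = re.compile(r"^ppp authentication (\S+)$")  # page's form: one list name
MAX_METHODS = 4  # the page states a list holds up to four methods


def parse_method_lists(config):
    """Map (service, list name) -> ordered methods; 'group X' is one method."""
    lists = {}
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            service, name, rest = m.groups()
            lists[(service, name)] = re.findall(r"group \S+|\S+", rest)
    return lists


def audit(config):
    """Return sorted findings: fail-open lists, oversized lists, dangling refs."""
    lists = parse_method_lists(config)
    findings = []
    for (service, name), methods in lists.items():
        if "none" in methods:
            findings.append(f"{service} list {name}: falls through to 'none'")
        if len(methods) > MAX_METHODS:
            findings.append(f"{service} list {name}: over {MAX_METHODS} methods")
    interface = None
    for line in config.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        m = PPP_IF_RE.match(line.strip())
        if m and ("ppp", m.group(1)) not in lists:
            findings.append(f"{interface}: undefined ppp list {m.group(1)}")
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports both lists that end in none and the Serial0/1 reference to ppp-access, which does not match the defined PPP-access.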