Configuring AAA is relatively simple once the basic process
is understood. The basic steps to configure AAA security on a Cisco router or
access server are the following:
1. Enable AAA by using the aaa new-model global configuration command.
2. If you decide to use a separate security server, such as RADIUS, TACACS+, or Kerberos, configure security protocol parameters to use the appropriate server(s).
3. Define the method lists for authentication by using an aaa authentication command.
4. Apply the method lists to a particular interface or line, if required.
5. (Optional) Configure authorization using the aaa authorization command.
6. (Optional) Configure accounting using the aaa accounting command.

You will look at Steps 3 through 6 in the next sections. For now,
you will concentrate on starting AAA and telling it how to find the
authentication server, assuming one will be used.
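
The six steps above, laid out as one configuration. This is an added example, not a listing from the book; the server address (192.0.2.10), the shared-secret placeholder, the method list name VTY-AUTH, and the local username are assumptions chosen for illustration.

```cisco
! Create a local account first. Once aaa new-model is entered, login
! follows AAA method lists, so a local fallback user keeps the device
! reachable if the server cannot be contacted.
! (username and secret are placeholders)
username fallback-admin secret <LOCAL-SECRET>
!
! Step 1: enable AAA
aaa new-model
!
! Step 2: tell the router how to find the TACACS+ server
! (classic global syntax; newer IOS releases use named server blocks)
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-SECRET>
!
! Step 3: define an authentication method list.
! Try TACACS+ first; use the local database only if the server
! does not respond.
aaa authentication login VTY-AUTH group tacacs+ local
!
! Step 4: apply the method list to the vty lines
line vty 0 4
 login authentication VTY-AUTH
 exit
!
! Step 5 (optional): authorize EXEC sessions through the same server
aaa authorization exec default group tacacs+ local
!
! Step 6 (optional): record the start and stop of EXEC sessions
aaa accounting exec default start-stop group tacacs+
```

The local keyword in a method list is consulted only when the server fails to respond, not when the server rejects the login, so a denied user is not silently retried against the local database.
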
Note: The exam and this book only use the TACACS+ and RADIUS features. For more information on configuring Kerberos, go to http://www.cisco.com/ on the Web and perform a search for configuring Kerberos. No CCO account is needed for much of the information.