A simple AAA lab on a Cisco 7200 router
!Configure a local username and password
R1(config)#username hello privilege 15 secret 0 world
!Enable AAA
R1(config)#aaa new-model
!Specify the ACS as the TACACS server address ----- old syntax
R1(config)#tacacs-server host 192.168.11.56 key cisco123
!New syntax
R1(config)#tacacs server vmacs56
R1(config-server-tacacs)#address ipv4 192.168.11.56
R1(config-server-tacacs)#key cisco123
!Configure the AAA server group
R1(config)#aaa group server tacacs+ mygroup1
R1(config-sg-tacacs+)#server 192.168.11.56
!Configure the authentication and authorization method lists
R1(config)#aaa authentication login myauthenlist group mygroup1 local
R1(config)#aaa authorization exec myauthorlist group mygroup1 local
!Apply authentication and authorization under the VTY lines
R1(config)#line vty 0 4
R1(config-line)#login authentication myauthenlist
R1(config-line)#authorization exec myauthorlist
!Test
R1#test aaa group mygroup1 111 123456 legacy
Attempting authentication test to server-group mygroup1 using tacacs+
User was successfully authenticated.
This post was last edited by yujz335 on 2016-12-12 15:13
Hello, I have a problem: after upgrading the IOS on a Cisco 4507 to 15.0, AAA authentication stopped working.
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login noacs group tacacs+ local
aaa authorization exec noacs group tacacs+ local
aaa authorization commands 15 noacs group tacacs+ local
aaa accounting exec noacs start-stop group tacacs+
aaa accounting commands 15 noacs start-stop group tacacs+
!
tacacs server acs
address ipv4 172.16.0.17
key password
line vty 0 4
password password001
authorization commands 15 noacs
authorization exec noacs
accounting commands 15 noacs
accounting exec noacs
logging synchronous
login authentication noacs
transport input telnet ssh
test aaa group tacacs+ 111 111 legacy
Attempting authentication test to server-group tacacs+ using tacacs+
No authoritative response from any server.
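Both configurations above rely on names matching in three places: the server group, the method list, and the binding under `line vty`. The following Python check is an added example, not part of either post; the `audit` function and the sample configuration (with its deliberate mistakes) are constructed for illustration.

```python
import re

# Constructed sample modelled on the lab above, with deliberate mistakes (not a device capture).
SAMPLE = """\
aaa new-model
tacacs server vmacs56
 address ipv4 192.168.11.56
 key cisco123
aaa group server tacacs+ mygroup1
 server name vmacs56
aaa authentication login myauthenlist group mygroup1 local
aaa authorization exec myauthorlist group mygrp1 local
line vty 0 4
 login authentication myauthenlist
 authorization exec myauthorlist
 authorization commands 15 cmdlist
 transport input telnet ssh
"""
BUILTIN_GROUPS = {"tacacs+", "radius"}  # groups that exist without "aaa group server"

def audit(config):
    """Cross-check AAA server groups, method lists and line bindings."""
    groups, lists, findings = set(), {}, []
    lines = [s.strip() for s in config.splitlines() if s.strip() and not s.strip().startswith("!")]
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    for ln in lines:  # pass 1: collect defined groups and method lists
        if m := re.match(r"aaa group server \S+ (\S+)", ln):
            groups.add(m.group(1))
        elif m := re.match(r"aaa (authentication login|authorization (?:exec|commands \d+)) (\S+) (.+)", ln):
            lists[(m.group(1), m.group(2))] = m.group(3).split()
    for (kind, name), methods in lists.items():
        for g in (methods[i + 1] for i, w in enumerate(methods[:-1]) if w == "group"):
            if g not in groups and g not in BUILTIN_GROUPS:
                findings.append(f"{kind} {name}: server group '{g}' is not defined")
        if "local" not in methods:
            findings.append(f"{kind} {name}: no local fallback if servers are unreachable")
    for ln in lines:  # pass 2: check what the lines reference
        if m := re.match(r"(login authentication|authorization (?:exec|commands \d+)) (\S+)", ln):
            kind = m.group(1).replace("login authentication", "authentication login")
            if m.group(2) != "default" and (kind, m.group(2)) not in lists:
                findings.append(f"line references undefined list: {kind} {m.group(2)}")
        elif ln.startswith("transport input") and "telnet" in ln.split():
            findings.append("telnet is allowed on the line; credentials cross the network in cleartext")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the output of `show running-config` saved to a file, it reports mismatched names before they lock anyone out of the VTY lines.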