AAA authenticaiton on Cisco device
Type the following command under the line:Username cisco password cisco
Aaa new-model
Aaa authentication login vty.authengroup tacacs+ local none
Tacacs-server host 192.168.127.233 key cisco
Radius-server host 192.168.127.233 key cisco
Line vty 0 15
Password ppp
Login authentication vty.authen
***if we set the ACS correctly, we should create a username Devin; and input the server client on the ACS.
Because we type the command vty.authengroup tacacs+ local none; then authentication will first find the ACS tacas server, if it is not successful, it will seek local username/password. If the local also don’t have the username/password, it will keep none login.
Test:
1, make the network between client and ACS broken down, we can use the PPP login this router without password; also we can use the devin to login the router without password. At last we need to use cisco with password cisco to login.
2, if the network is ok, we can only use the ACS as the authentication, then we canonly use the devin as the only way to login.
页:
[1]