Router(config)#aaa authentication login
default group radius local line
Sets the default login
location as the RADIUS
server. If there is no
response from the server,
use the local username and
password database.
NOTE: AAA
authentication can be
used for general login,
privileged EXEC mode
access, 802.1x, EAP over
UDP, PPP, and Stack
Group Bidding Protocol
(SGBP).
Con?¬?guring AAA on Cisco Routers Using CLI 131
Authorization
Accounting
Router(config)#aaa authorization exec default
group tacacs+ local none
Sets that authorization
will be performed by
TACACS+. If no
connection can be made,
the local database will be
used.
Router(config)#aaa authorization exec default
group radius local none
Authorization will be
performed by RADIUS.
If no connection can be
made, the local database
will be used.
Router(config)#aaa authorization commands 15
tacacs+ if-authenticated none
Runs authorization for all
commands at privilege
level 15
NOTE: The aaa
authorization command
can be used to authorize
an EXEC shell,
commands at a
particular privilege
level, network access
(including SLIP, PPP,
PPP-NCP and AppleTalk
Remote Access), and
reverse Telnet
connections.
Router(config)#aaa accounting exec default
start-stop group tacacs+
Audits the EXEC process
using a start-stop
accounting notice with
TACACS+
132 Con?¬?guring AAA on Cisco Routers Using SDM
Con?¬?guring AAA on Cisco Routers Using SDM
From the home page of SDM, click the Con?¬?gure button at the top of the page, and then
click the Additional Tasks icon in the Tasks toolbar.
Pages:
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122