
Configuring AAA for Network Device Access Control

Create a local user with full privilege for fallback

username fallback_admin privilege 15 algorithm-type scrypt secret Bananas123

Enable AAA functions with the command aaa new-model

Next add a TACACS server and group

tacacs server authentication_server
 address ipv4 192.168.1.50
 key tacacskey

aaa group server tacacs+ authentication_group
 server name authentication_server

Finally enable AAA login authentication with the following command

aaa authentication login default group authentication_group local enable

Enable AAA authorisation for EXEC

aaa authorization exec default group authentication_group if-authenticated

Allow AAA authorisation for the console

aaa authorization console

Enable AAA command authorisation

aaa authorization commands 0 default group authentication_group if-authenticated
aaa authorization commands 1 default group authentication_group if-authenticated
aaa authorization commands 15 default group authentication_group if-authenticated

aaa authorization config-commands

Enable AAA accounting

aaa accounting exec default start-stop group authentication_group
aaa accounting commands 0 default start-stop group authentication_group
aaa accounting commands 1 default start-stop group authentication_group
aaa accounting commands 15 default start-stop group authentication_group
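
Every AAA method list has to name the TACACS+ server group exactly as it was defined, and the login list needs a working local fallback. The script below is an added example, not part of the original post: it audits a saved configuration for those points. The helper name audit_aaa and the sample configuration are constructed for illustration, and it only understands named tacacs+ groups.

```python
import re

# Constructed sample config (not from a real device); one group name has a hyphen slip.
SAMPLE = """\
aaa new-model
username fallback_admin privilege 15 algorithm-type scrypt secret EXAMPLE-ONLY
tacacs server authentication_server
 address ipv4 192.168.1.50
 key EXAMPLE-ONLY
aaa group server tacacs+ authentication_group
 server name authentication_server
aaa authentication login default group authentication_group local enable
aaa authorization exec default group authentication_group if-authenticated
aaa authorization commands 15 default group authentication-group if-authenticated
aaa accounting commands 15 default start-stop group authentication_group
"""
BUILTIN_GROUPS = {"tacacs+", "radius"}  # IOS built-in server groups

def audit_aaa(config):
    """Return a list of findings for an IOS AAA configuration (hypothetical helper)."""
    findings, groups, current = [], {}, None
    lines = config.splitlines()
    servers = set(re.findall(r"^tacacs server (\S+)", config, re.M))
    if "aaa new-model" not in (l.strip() for l in lines):
        findings.append("aaa new-model is missing")
    for line in lines:  # collect server groups and their member servers
        m = re.match(r"aaa group server tacacs\+ (\S+)", line)
        if m:
            current = m.group(1)
            groups[current] = []
        elif current and (m := re.match(r"\s+server name (\S+)", line)):
            groups[current].append(m.group(1))
        elif not line.startswith(" "):
            current = None
    for name, members in groups.items():
        findings += [f"group {name}: undefined server {s}" for s in members if s not in servers]
    for line in lines:  # check every authentication/authorization/accounting method list
        m = re.match(r"aaa (authentication|authorization|accounting) ", line)
        if not m:
            continue
        for g in re.findall(r" group (\S+)", line):
            if g not in groups and g not in BUILTIN_GROUPS:
                findings.append(f"undefined server group {g}: {line}")
        words = line.split()
        if m.group(1) == "authentication" and "group" in words and "local" not in words:
            findings.append(f"no local fallback: {line}")
    if not re.search(r"^username \S+ privilege 15 ", config, re.M):
        findings.append("no privilege 15 local user for fallback")
    return findings
```

Run it against the output of show running-config saved to a file before applying command authorisation to a production device.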
