Local AAA on IOS and XE

Network Diagnose & Troubleshoot

previous page next page

Local Authentication:

  1.  
Router(config)# aaa new-model
    •  Router(config)# aaa authentication login{default | list-name} method1[method2...]
  •  
    • Router(config)# line [aux | console | tty | vty] line-number [ending-line-number]
  •  
    • Router(config-line)# login authentication

    AAA Authorization Types

    Cisco IOS XE software supports five different types of authorization:

    Commands--Applies to the EXEC mode commands a user issues. Command authorization attempts

    authorization for all EXEC mode commands, including global configuration commands, associated with

    a specific privilege level.

    EXEC--Applies to the attributes associated with a user EXEC terminal session.

    Network--Applies to network connections. This can include a PPP, SLIP, or ARAP connection.

    Reverse Access--Applies to reverse Telnet sessions.

    Configuration--Applies to downloading configurations from the AAA server.

    IP Mobile--Applies to authorization for IP mobile services

    aaa authorization exec = Runs authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information.

    aaa authorization commands = Runs authorization for all commands at the specified privilege level.

    AAA Authorization:

     

    previous page start next page