4-24
Cisco AS5800 Operations, Administration, Maintenance, and Provisioning Guide
DOC-7810814=
Chapter 4 Administration
Access Service Security
Configuring TACACS+
The following global configuration commands provide basic security and local database configuration.
Step 1 Enable the AAA access control model that includes TACACS+.
5800-1(config)# aaa new-model
Step 2 Enable AAA authentication method during login.
5800-1(config)# aaa authentication login default local
Step 3 Enable AAA authentication method during login using a method list.
5800-1(config)# aaa authentication login console none
Step 4 Enable AAA authentication method for use on serial interfaces running PPP when TACACS+ is used.
5800-1(config)# aaa authentication ppp default if-needed local
Step 5 Enter authorization for username and password.
5800-1(config)# username username password password
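An added example, not taken from the Cisco guide: a small Python audit that parses the method lists defined by the commands in Steps 1 through 5 and reports lists that admit a session without credentials, lists that rely on an empty local database, and lines that apply an undefined list. The `line con 0` stanza and the sample username and password are assumptions made for illustration.

```python
import re

# Constructed sample: the commands from Steps 1-5, plus an assumed console
# line that applies the "console" list (username/password are placeholders).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login console none
aaa authentication ppp default if-needed local
username admin password example-password
line con 0
 login authentication console
"""

AAA_RE = re.compile(r"^aaa authentication (login|ppp) (\S+) (.+)$")
LOGIN_APPLY_RE = re.compile(r"^login authentication (\S+)$")

def parse_method_lists(config):
    """Map (service, list name) -> ordered methods from 'aaa authentication' lines."""
    lists = {}
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            lists[(m.group(1), m.group(2))] = m.group(3).split()
    return lists

def audit(config):
    """Return human-readable findings about the AAA authentication setup."""
    lines = [ln.strip() for ln in config.splitlines()]
    lists = parse_method_lists(config)
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing, so AAA is not enabled")
    has_user = any(ln.startswith("username ") for ln in lines)
    for (service, name), methods in sorted(lists.items()):
        if "none" in methods:
            findings.append(f"{service} list '{name}' includes 'none': "
                            "a session can be admitted without credentials")
        if "local" in methods and not has_user:
            findings.append(f"{service} list '{name}' uses 'local' "
                            "but no username is defined")
    for ln in lines:
        m = LOGIN_APPLY_RE.match(ln)
        if m and ("login", m.group(1)) not in lists:
            findings.append(f"'{ln}' refers to an undefined method list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the sample, the only finding is the `console` list, whose single method is `none`.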
TACACS+ Authentication
Use the AAA facility to authenticate users with either a local or remote security database. For more
information about a local and remote security database, refer to the “Local and Remote Server
Authentication” section on page 4-13.
Whether you maintain a local or remote security database, or use TACACS+ or RADIUS authentication
and authorization, the process of configuring the Cisco AS5800 for these different databases and
protocols is similar. The basic process of configuring the Cisco IOS software for authentication requires
the following tasks:
1. Securing Access to Privileged EXEC and Configuration Mode
2. Communicating Between the Access and Security Servers
3. Enabling AAA Globally
4. Defining Authentication Method Lists
   – Issue the aaa authentication Command, page 4-30
   – Specify Protocol or Login Authentication, page 4-30
   – Identify a List Name, page 4-30
   – Specify the Authentication Method, page 4-31
   – Populate the Local Username Database if Necessary, page 4-32
5. Applying Authentication Method Lists, page 4-33