Below shows the required configuration commands for configuring AAA.
Authentication
Interactive user
#(config) aaa-server <server name> protocol <tacacs/radius>
#(config) aaa-server <server name> <interface> host <AAA server IP>
#(config) aaa authentication include <https/https/ftp/telnet> inbound 0 0 0 0
#(config) access-list 111 permit tcp any any eq ftp
#(config) aaa authentication match 111 <interface> <AAA server name>
Console Access
#(config) aaa authentication http/enable/serial/telnet/ssh console <aaa server>
#(config) Timeout uauth 3:00 absolute
#(config) Timeout uauth 0:30 inactivity
Authorisation
#(config) access-list 113 permit tcp any any eq ftp
#(config) aaa authorisation match 113 <interface> <aaa server>
This will authorise only tcp ports 1-444 inbound from anywhere to anywhere
#(config)#aaa authorisation include tcp/1-444 inbound 0 0 0 0 <server name>
Accounting
#(config)aaa accounting match <acl> <interface> <aaa server>
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial