    Configuring AAA Authentication and AAA Authorization for Vty Lines

    To configure AAA new model authentication and authorization for inbound sessions to vty lines on your router:

    Note: Before you configure AAA authentication and AAA authorization, you need to configure a RADIUS and/or TACACS+ authentication server. Note that several of the steps in the configuration procedure are optional.

    1. Specify AAA new model authentication.
      host1(config)#aaa new-model
    2. Create an authentication list that specifies the types of authentication methods allowed.
      host1(config)#aaa authentication login my_auth_list tacacs+ line enable
    3. (Optional) Specify the privilege level by defining a method list for authentication.
      host1(config)#aaa authentication enable default tacacs+ radius enable
    4. (Optional) Enable authorization, and create an authorization method list.
      host1(config)#aaa authorization commands 15 boston if-authenticated tacacs+
    5. (Optional) Disable authorization for all Global Configuration commands.
      host1(config)#no aaa authorization config-commands
    6. Specify the range of vty lines.
      host1(config)#line vty 6 10
      host1(config-line)#
    7. (Optional) Apply an authorization list to a vty line or a range of vty lines.
      host1(config-line)#authorization commands 15 boston
    8. Specify the password for the vty lines.
      host1(config-line)#password xyz
    9. Apply the authentication list to the vty lines you specified on your router.
      host1(config-line)#login authentication my_auth_list
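
The following Python check is an added example, not part of the original guide or the vendor's tooling: it reads a configuration written with the commands from this procedure and reports vty lines whose authentication or authorization list names do not match a method list defined in Global Configuration mode. The sample configurations and the function name `audit_vty_aaa` are constructed for illustration, and list names are compared literally.

```python
import re

# Constructed sample: the commands from the procedure, CLI prompts removed.
GOOD = """\
aaa new-model
aaa authentication login my_auth_list tacacs+ line enable
aaa authorization commands 15 boston if-authenticated tacacs+
line vty 6 10
authorization commands 15 boston
password xyz
login authentication my_auth_list
"""
# Constructed variant with a misspelled list name in line mode (step 9).
BAD = GOOD.replace("login authentication my_auth_list",
                   "login authentication my_auth_lst")

def audit_vty_aaa(config_text):
    """Return findings where vty lines and AAA method lists do not match up."""
    new_model = False
    auth_lists, authz_lists, blocks = set(), set(), []
    vty = None  # the "line vty" block currently being read
    for line in map(str.strip, config_text.splitlines()):
        if line == "aaa new-model":
            new_model = True
        elif m := re.match(r"aaa authentication login (\S+) \S", line):
            auth_lists.add(m.group(1))
        elif m := re.match(r"aaa authorization commands (\d+) (\S+) \S", line):
            authz_lists.add(m.groups())
        elif m := re.match(r"line vty (\d+(?: \d+)?)$", line):
            vty = {"range": m.group(1), "login": None, "authz": []}
            blocks.append(vty)
        elif vty and (m := re.match(r"login authentication (\S+)$", line)):
            vty["login"] = m.group(1)
        elif vty and (m := re.match(r"authorization commands (\d+) (\S+)$", line)):
            vty["authz"].append(m.groups())

    findings = []
    if not new_model:
        findings.append("aaa new-model is not configured")
    # Names are compared literally; no list is assumed to exist implicitly.
    for b in blocks:
        if b["login"] is None:
            findings.append(f"vty {b['range']}: no login authentication list applied")
        elif b["login"] not in auth_lists:
            findings.append(f"vty {b['range']}: undefined authentication list {b['login']}")
        for level, name in b["authz"]:
            if (level, name) not in authz_lists:
                findings.append(f"vty {b['range']}: undefined authorization list {name} (level {level})")
    return findings
```

Running `audit_vty_aaa(GOOD)` returns an empty list, while `audit_vty_aaa(BAD)` reports the vty range that points at the misspelled list.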

    Published: 2014-08-12