Configuring AAA Authentication and AAA Authorization for Vty Lines
To configure AAA new model authentication and authorization for inbound sessions to vty lines on your router:
Note: Before you configure AAA authentication and AAA authorization, you need to configure a RADIUS and/or TACACS+ authentication server. Note that several of the steps in the configuration procedure are optional.
- Specify AAA new model authentication.
  host1(config)#aaa new-model
- Create an authentication list that specifies the types of authentication methods allowed.
  host1(config)#aaa authentication login my_auth_list tacacs+ line enable
- (Optional) Specify the privilege level by defining a method list for authentication.
  host1(config)#aaa authentication enable default tacacs+ radius enable
- (Optional) Enable authorization, and create an authorization method list.
  host1(config)#aaa authorization commands 15 boston if-authenticated tacacs+
- (Optional) Disable authorization for all Global Configuration commands.
  host1(config)#no aaa authorization config-commands
- Specify the range of vty lines.
  host1(config)#line vty 6 10
  host1(config-line)#
- (Optional) Apply an authorization list to a vty line or a range of vty lines.
  host1(config-line)#authorization commands 15 boston
- Specify the password for the vty lines.
  host1(config-line)#password xyz
- Apply the authentication list to the vty lines you specified on your router.
  host1(config-line)#login authentication my_auth_list
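
The following audit script is an added example, not part of the original guide or of the router software. It checks a saved command listing for vty ranges where the procedure above was left incomplete: no authentication list applied, a list name that was never defined, or a list using the `line` method on a range with no password. The indented listing layout, the extra vty ranges, the name `other_list`, and the premise that the `line` method checks the vty password are assumptions made for the illustration.

```python
import re

# Constructed sample (not from the page): the procedure's commands for vty 6-10
# plus two incomplete ranges. Indented sub-commands are an assumed layout.
SAMPLE = """\
aaa new-model
aaa authentication login my_auth_list tacacs+ line enable
aaa authorization commands 15 boston if-authenticated tacacs+
line vty 0 5
 password abc
line vty 6 10
 authorization commands 15 boston
 password xyz
 login authentication my_auth_list
line vty 11 12
 login authentication other_list
"""

def audit_vty(config):
    """Return sorted (scope, finding) pairs for gaps in vty AAA configuration."""
    authn, authz, blocks, current = {}, set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            current = None                      # left any "line vty" block
        if m := re.match(r"aaa authentication login (\S+) (.+)", line):
            authn[m.group(1)] = m.group(2).split()
        elif m := re.match(r"aaa authorization commands (\d+) (\S+) ", line):
            authz.add((m.group(1), m.group(2)))
        elif m := re.match(r"line vty (\d+)(?: (\d+))?$", line):
            current = blocks.setdefault(f"vty {m[1]}-{m[2] or m[1]}", [])
        elif current is not None and line:
            current.append(line.split())
    findings = []
    if "aaa new-model" not in [l.strip() for l in config.splitlines()]:
        findings.append(("global", "aaa new-model is not set"))
    for scope, cmds in blocks.items():
        applied = [c[2] for c in cmds if c[:2] == ["login", "authentication"] and len(c) > 2]
        if not applied:
            findings.append((scope, "no login authentication list applied"))
        for name in applied:
            if name not in authn:
                findings.append((scope, f"authentication list {name} is not defined"))
            elif "line" in authn[name] and not any(c[0] == "password" for c in cmds):
                findings.append((scope, f"{name} uses 'line' but no password is set"))
        for c in cmds:
            if c[:2] == ["authorization", "commands"] and tuple(c[2:4]) not in authz:
                findings.append((scope, f"authorization list {c[-1]} is not defined"))
    return sorted(findings)
```

Calling `audit_vty(SAMPLE)` reports the two incomplete ranges and nothing for vty 6-10, which follows every step of the procedure.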