Separating Authentication Methods - Cisco ASR 5000 Administration Manual

StarOS Release 21.1

Separating Authentication Methods

Important
Once TACACS+ AAA services are configured and enabled on the ASR 5x00, the system first tries to
authenticate the administrative user via TACACS+ AAA services. By default, if TACACS+ authentication
fails, the system then continues with authentication using non-TACACS+ AAA services.

At the Exec Mode prompt, enter the following command:
show tacacs [ client | priv-lvl | session | summary ]
The output of the show tacacs commands provides summary information for each active TACACS+ session,
such as username, login time, login status, current session state and privilege level. Optional filter keywords
provide additional information.
An example of this command's output is provided below. In this example, a system administrative user named
asradmin has successfully logged in to the system via TACACS+ AAA services.

active session #1:
   login username             : asradmin
   login tty                  : /dev/pts/1
   time of login              : Fri Oct 22 13:19:11 2011
   login server priority      : 1
   current login status       : pass
   current session state      : user login complete
   current privilege level    : 15
   remote client application  : ssh
   remote client ip address   : 111.11.11.11
   last server reply status   : -1
total TACACS+ sessions        : 1

Important
For details on all TACACS+ maintenance commands, refer to the Command Line Interface Reference.

Separating Authentication Methods
You can configure separate authentication methods for accessing the Console port and establishing SSH/telnet
sessions (vty lines).
If you configure TACACS+ globally, the Console and the vty lines are both authenticated using that
method.
Since the Console port is the last-resort means of access to StarOS, you can configure local authentication for the Console
and employ TACACS+ for the vty lines.

Important
This feature extends to AAA (Authentication, Authorization and Accounting) service as well as local
users. For example, local-users may have only Console access, and AAA (VPN context) users may have access
only via vty lines.

Separating authentication methods (Console versus vty lines) requires disabling Console access for users
based on the type of authentication.
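
The show tacacs session listing above lends itself to a periodic audit. The following Python script is an added example, not part of the Cisco guide: it parses output laid out like the sample above and flags telnet logins and privileged sessions that originate outside an assumed management network. The names MGMT_NETS, parse_sessions and audit are hypothetical, and session #2 in the sample is constructed.

```python
import ipaddress

# Constructed sample in the layout of the page's example; session #2 is invented.
SAMPLE = """\
active session #1:
   login username             : asradmin
   login tty                  : /dev/pts/1
   time of login              : Fri Oct 22 13:19:11 2011
   login server priority      : 1
   current login status       : pass
   current session state      : user login complete
   current privilege level    : 15
   remote client application  : ssh
   remote client ip address   : 111.11.11.11
   last server reply status   : -1
active session #2:
   login username             : ops1
   current privilege level    : 15
   remote client application  : telnet
   remote client ip address   : 203.0.113.7
total TACACS+ sessions        : 2
"""

# Assumption: management hosts live in this network (not stated on the page).
MGMT_NETS = [ipaddress.ip_network("111.11.11.0/24")]

def parse_sessions(text):
    """Split 'show tacacs' output into one dict per active session."""
    sessions = []
    for line in text.splitlines():
        # Split on the first colon only, so timestamps keep their colons.
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.startswith("active session #"):
            sessions.append({"session": int(key.split("#")[1])})
        elif sessions and value and not key.startswith("total "):
            sessions[-1][key] = value
    return sessions

def audit(sessions, min_priv=15):
    """Return (session number, reason) pairs that merit operator review."""
    findings = []
    for s in sessions:
        ip = ipaddress.ip_address(s["remote client ip address"])
        outside = not any(ip in net for net in MGMT_NETS)
        if s["remote client application"] == "telnet":
            findings.append((s["session"], "cleartext telnet login"))
        if int(s["current privilege level"]) >= min_priv and outside:
            findings.append((s["session"], "privileged login from outside MGMT_NETS"))
    return findings
```

Calling audit(parse_sessions(SAMPLE)) leaves session #1 unflagged and reports session #2 twice, once for telnet and once for its source address.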