Table of Contents
Advertisement
Tacacs server command identifies the TACACS+ server as having an IP address of 10.1.2.3. The
config-tacacs key command defines the shared encryption key to be "testkey."
interface command selects the port, and the ppp authentication command applies the test method
list to this port.
The following example configures TACACS+ as the security protocol to be used for PPP authentication
but instead of the method list "test," the method list, "default," is used.
aaa authentication ppp default if-needed tacacs+ local
tacacs-server host 1.2.3.4
tacacs-server key goaway
interface serial 1/1
ppp (default) authentication
In this example:
aaa authentication command defines a method list, "default," to be used on serial interfaces running
PPP. The if-needed keyword means that if the user has already authenticated, then PPP
authentication is not necessary and can be skipped. If authentication is needed, the keyword tacacs+
means that authentication will be done through TACACS+. If TACACS+ returns an ERROR of some
sort during authentication, the keyword local indicates that authentication will be attempted using the
local database on the network access server.
Tacacs server command identifies the TACACS+ daemon as having an IP address of 10.1.2.3. The
config-tacacs key command defines the shared encryption key to be "goaway."
interface command selects the port, and the ppp authentication command applies the default PPP
method list to this port.
2. TACACS+ Authorization Example
aaa authentication ppp default if-needed tacacs+ local
aaa authorization network default tacacs+
tacacs server 10.1.2.3
tacacs key goaway
interface serial 1/1
ppp (default) authentication
ppp (default) authorization
In this example:
aaa authentication command defines a method list, "default," to be used on serial interfaces running
PPP. The if-needed keyword means that if the user has already authenticated, then PPP
authentication is not necessary and can be skipped. If authentication is needed, the keyword tacacs+
means that authentication will be done through TACACS+. If TACACS+ returns an ERROR of some
sort during authentication, the keyword local indicates that authentication will be attempted using the
local database on the network access server.
aaa authorization command configures network authorization via TACACS+.
Tacacs server host command identifies the TACACS+ daemon as having an IP address of 10.1.2.3.
tacacs server key command defines the shared encryption key to be "goaway."
interface command selects the line, and the ppp authentication command and the ppp
authorization applies the default authentication or authorization method list to this port.
3. TACACS+ Accounting Example
aaa authentication ppp default if-needed tacacs+ local
aaa accounting network default stop-only tacacs+
tacacs server 10.1.2.3
tacacs key goaway
interface serial 1/1
ppp (default) authentication
ppp (default) accounting
Model Name
- 357 -
Hide quick links:
Advertisement
Table of Contents
