Hi all, 
I'm in the process of testing out an AAA config on a router, and if
successful I will be rolling this out to my network.
The config seems to work very well with CiscoSecure ACS for NT 2.4. However,
there are some quirks that I'm just not sure about.
The following is the config that I'm using: 
hostname Router1
!
aaa new-model
aaa authentication login list1 local group tacacs+
aaa authentication ppp list1 local group tacacs+
aaa authorization exec list1 local group tacacs+
aaa authorization network list1 local group tacacs+
aaa accounting exec list1 start-stop group tacacs+
aaa accounting network list1 start-stop group tacacs+
enable password cisco
!
username user1 password 0 cisco
!
tacacs-server host 172.16.1.211
tacacs-server key 12345
!
line con 0
 password cisco
 transport input none
line aux 0
line vty 0 4
 password cisco
 login authentication list1
Questions: 
1. When I try and set up the method list (list1) for authentication with
tacacs+ first then local, it does not allow local authentication, it will
only look to the tacacs+ server for validation. However, if I list local
first, then tacacs+, it'll work as desired. Why is this so? Shouldn't it
work the other way around also?
2. I've chosen to implement the authentication on vty sessions only by using
the 'login authentication list1' command that I read on CCO. The ACS software
suggested that I use the combination 'aaa authen login no_tacacs enable/line
con 0/ login authen no_tacas' command. However, when I tried this, it
totally bombed. What did I do wrong?
Thanks! 
Robert 
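
Added example, not part of the original post and not Cisco code: a small Python model of the method-list rule behind question 1, in which IOS moves to the next method only when the current one gives no answer (an error), not when it rejects the login. The `alice` account, the function names, and the treatment of an unknown local username as an error are assumptions of the model, chosen to match the behaviour the post reports.

```python
"""Toy model of how an IOS AAA login method list is walked (added example)."""
from enum import Enum


class Result(Enum):
    PASS = "pass"    # method answered and accepted the login
    FAIL = "fail"    # method answered and rejected it: evaluation stops here
    ERROR = "error"  # method could not answer: the next method is tried


# Constructed sample data mirroring the posted config.
LOCAL_USERS = {"user1": "cisco"}
TACACS_USERS = {"alice": "s3cret"}  # hypothetical account defined on the ACS server


def local(user, password):
    # Assumption: a username missing from the local database counts as
    # ERROR, so the list continues; a wrong password is a definite FAIL.
    if user not in LOCAL_USERS:
        return Result.ERROR
    return Result.PASS if LOCAL_USERS[user] == password else Result.FAIL


def make_tacacs(reachable):
    """Build a TACACS+ method; an unreachable server yields ERROR."""
    def tacacs(user, password):
        if not reachable:
            return Result.ERROR
        # A reachable server always answers, so unknown users get FAIL.
        ok = TACACS_USERS.get(user) == password
        return Result.PASS if ok else Result.FAIL
    return tacacs


def authenticate(method_list, user, password):
    """Walk the list in order; return (accepted, name of deciding method)."""
    for name, method in method_list:
        result = method(user, password)
        if result is not Result.ERROR:
            return result is Result.PASS, name
    return False, None  # every method errored out


if __name__ == "__main__":
    tacacs_first = [("tacacs+", make_tacacs(True)), ("local", local)]
    local_first = [("local", local), ("tacacs+", make_tacacs(True))]
    print(authenticate(tacacs_first, "user1", "cisco"))  # server rejects, local never asked
    print(authenticate(local_first, "user1", "cisco"))   # local accepts
    print(authenticate(local_first, "alice", "s3cret"))  # local errors, server accepts
```

With the server reachable, the tacacs+-first list never consults the local database; it is only reached when the server does not respond.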
