
AAA / RBAC

AAA – Central database for remote access.
Authentication – Identifies users by login and password.
Authorization – Access control.
Accounting – Logs session statistics and usage information.

RBAC – Role-based access control.
– Manage user accounts and assign roles.

AAA Configuration

! Enable AAA
aaa new-model

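! Specify the TACACS+ server and shared key
tacacs-server host 192.168.1.1 key ******

! Default method list: TACACS+ first, then the local database
aaa authentication login default group tacacs+ local

! Custom method list
aaa authentication login MYCONSOLE local

! Apply to the console line
! (the MYCONSOLE list used for exec authorization must also be defined
! with its own aaa authorization exec MYCONSOLE command)
line console 0
 login authentication MYCONSOLE
 authorization exec MYCONSOLE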

! Command authorization: check with TACACS+ first and then local if TACACS+ is unavailable.
! Authorize commands that have a privilege level of 1.
aaa authorization commands 1 default group tacacs+ local if-authenticated

! Authorize privilege level 15 commands.
aaa authorization commands 15 default group tacacs+ local if-authenticated

! Accounting: generate records and logs for failed authentications,
! exec sessions, privilege level 15 commands and system events
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
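
A way to check a configuration like the one above before deploying it, given as an added example that is not part of the original post: it verifies that AAA is enabled, that every method list using a server group also has a local fallback, and that every list applied under a line is actually defined. The function name audit_aaa and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample input: the commands from this page, key left elided.
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host 192.168.1.1 key ******
aaa authentication login default group tacacs+ local
aaa authentication login MYCONSOLE local
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
line console 0
 login authentication MYCONSOLE
 authorization exec MYCONSOLE
"""

SERVICE = r"(authentication login|authorization exec|authorization commands \d+)"
DEFINE = re.compile(rf"^aaa {SERVICE} (\S+) (.+)$")
APPLY = re.compile(r"^(login authentication|authorization exec|authorization commands \d+) (\S+)$")

def audit_aaa(config):
    """Return findings (strings) for an IOS-style configuration text."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings, defined = [], set()
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    for text in lines:                      # pass 1: method list definitions
        m = DEFINE.match(text)
        if not m:
            continue
        service, name, methods = m.group(1), m.group(2), m.group(3).split()
        defined.add((service, name))
        # A list naming only a server group leaves no login path when it is unreachable.
        if "group" in methods and "local" not in methods:
            findings.append(f"{service} list {name}: no local fallback")
    stanza = None
    for text in lines:                      # pass 2: lists applied under line stanzas
        if text.startswith("line "):
            stanza = text
            continue
        m = APPLY.match(text)
        if m and stanza:
            service = m.group(1).replace("login authentication", "authentication login")
            if (service, m.group(2)) not in defined:
                findings.append(f"{stanza}: {service} list {m.group(2)} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```

Run on the configuration from this page, it reports that the MYCONSOLE list applied with authorization exec has no matching aaa authorization exec definition.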