Section 7.0: AAA

7.1. AAA on the Router

  1. Configure AAA on R4 to use the TACACS+ server.

  2. Configure authentication, EXEC authorization, and command-level 1/10/15 authorization.

  3. Move the show running-config command to level 10 so that user1 can invoke it.

  4. Configure fallback to local in the event the AAA server goes down.

  5. Make sure you use a named method list and apply it to vty lines. Do not configure any authentication or authorization for console or auxiliary ports, or you will lose all marks.

  6. Use the following example to configure all of the above.

     aaa new-model
     aaa authentication login vtyline group tacacs+ local
     aaa authentication login con-none none
     aaa authorization exec vtyexec group tacacs+ local
     aaa authorization exec conexec none
     aaa ...
