AAA Authentication

elegua Member Posts: 282
Hi Guys,

Is this configuration correct? What I want is for every user that tries to connect to my router using SSH to authenticate locally using AAA. Is this correct, or do I need something more?

aaa new-model
aaa authentication login default local
!
!
username XXXXX privilege 15 secret XXXXX
username XXXXX privilege 1 secret XXXXX
!
!
line vty 0 4
 login authentication default
 transport preferred ssh


Thanks in advance.

Comments

  • nice343 Member Posts: 391
    looks about right
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • jabb000 Inactive Imported Users Posts: 42
    Looks good to go to me...............
  • dtlokee Member Posts: 2,378
    There is no need to use "aaa new-model" if you don't want to in this case, but you need to change "transport preferred ssh" to "transport input ssh". Otherwise the router will think you want SSH to be the preferred outgoing protocol when connecting to other devices, but it will still accept incoming telnet connections.

    hostname Router1
    ip domain-name example.com
    ip ssh version 2
    crypto key generate rsa

    username bob secret cisco

    line vty 0 4
     login local
     transport input ssh

    The only easy day was yesterday!
  • mgeorge Member Posts: 774
    Change:
    login authentication default

    To
    login local

    When you use login authentication "default", you are referencing the default AAA configuration for a TACACS+ or RADIUS authentication mechanism.
    There is no place like 127.0.0.1
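
An added example, not code from any poster in this thread: a small Python audit of the two settings the thread discusses, namely which inbound protocols a vty line accepts and which login method list it resolves to. The function name `audit_vty` and the finding strings are hypothetical, and a missing `transport input` is flagged as an assumption because the platform default is not stated on this page.

```python
import re

# Constructed sample: the configuration from the original question.
SAMPLE = """\
aaa new-model
aaa authentication login default local
!
username XXXXX privilege 15 secret XXXXX
!
line vty 0 4
 login authentication default
 transport preferred ssh
"""

def audit_vty(config):
    """Return findings for each 'line vty' block in an IOS-style config (hypothetical helper)."""
    aaa = bool(re.search(r"^aaa new-model\s*$", config, re.M))
    # Map each login method-list name to its ordered methods.
    lists = {m.group(1): m.group(2).split()
             for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M)}
    findings = []
    # A line block is its header plus the indented lines that follow it.
    for block in re.finditer(r"^line vty ([^\n]+)\n((?:[ \t]+[^\n]*\n?)*)", config, re.M):
        name = "vty " + block.group(1).strip()
        body = [l.strip() for l in block.group(2).splitlines()]
        # 'transport preferred' is ignored on purpose: only 'transport input' limits inbound sessions.
        inp = next((l.split()[2:] for l in body if l.startswith("transport input ")), None)
        if inp is None:
            # Assumption: the default is not relied on, so it must be set explicitly.
            findings.append(f"{name}: no 'transport input'; inbound protocols not restricted explicitly")
        elif inp != ["ssh"]:
            findings.append(f"{name}: inbound allows {' '.join(inp)}")
        if aaa:
            # With aaa new-model a line uses the named list, or 'default' if none is named.
            used = next((l.split()[2] for l in body if l.startswith("login authentication ")), "default")
            methods = lists.get(used)
            if methods is None:
                findings.append(f"{name}: login list '{used}' is not defined")
            elif "local" not in methods:
                findings.append(f"{name}: list '{used}' has no local method ({' '.join(methods)})")
        elif "login local" not in body:
            findings.append(f"{name}: no 'login local' and AAA is disabled")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE):
        print(finding)
```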