Technical data

ManualsBrandsCisco ManualsComputer equipment1604 - 1604 Bridge/router

151

152

153

154

155

156

157

158

159

160

7-14 Dial Solutions Quick Configuration Guide

Configuring Authentication

You can create more than one authentication list or proﬁle for login and protocol authentication and

apply them to different lines or interfaces. The following examples show the line or interface

authentication commands that correspond to the aaa authentication global conﬁguration command.

The following example shows the default login authentication list applied to the console port and the

default virtual terminal (VTY) lines on the access server:

2511(config)# aaa authentication login default local

2511(config)# line console 0

2511(config-line)# login authentication default

2511(config-line)# line vty 0 4

2511(config-line)# login authentication default

In the following example, the login authentication list named rtp2-ofﬁce, which uses RADIUS

authentication, is created. It is applied to all 40 lines on a Cisco 2509 access server, including the

console (CTY) port, the 8 physical asynchronous (TTY) lines, the auxiliary (AUX) port, and

30 virtual terminal (VTY) lines:

2509(config)# aaa authentication login rtp2-office radius

2509(config)# line 0 39

2509(config-line)# login authentication rtp2-office

The following sample output shows lines and their status on the access server:

2509#show line

Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns

* 0 CTY - - - - - 0 0 0/0

* 1 TTY 57600/57600 - inout - - - 0 0 0/0

...

I 8 TTY 115200/115200 - inout - - - 0 0 0/0

9 AUX 38400/38400 - - - - - 0 0 0/0

10 VTY - - - - - 0 0 0/0

...

39 VTY - - - - - 0 0 0/0

ARA Authentication Examples

In the following example, the ARA authentication list bldg-d-list is created, then applied to lines

1 through 16 (the physical asynchronous lines) on a Cisco 2511 access server:

2511(config)# aaa authentication arap bldg-d-list auth-guest tacacs+

2511(config)# line 1 16

2511(config-line)# arap authentication bldg-d-list

PPP Authentication Examples

The following example creates the PPP authentication list marketing, which uses TACACS+, then

RADIUS authentication. The list marketing requires authentication only if the user has not already

been authenticated on another line. It is then applied to asynchronous lines 1 through 48 on a Cisco

AS5200 access server and uses CHAP authentication, instead of the default of PAP:

AS5200(config)# aaa authentication ppp marketing if-needed tacacs+ radius

AS5200(config)# line 1 48

AS5200(config-line)# ppp authentication chap marketing