Security Configuration Examples
TACACS+ Security Example for Login, PPP, and ARA
The following example shows how to create and apply the following authentication lists:
A TACACS+ server named dog-house is polled for authentication information (so you do not
need to define a local username database). The shared key between the access server and the
TACACS+ security server is shepard4.
A login authentication list named rtp2-office is created, then applied to the console port.
A PPP authentication list named marketing is created, then applied to group async interface 0,
which includes asynchronous interfaces 1 to 16.
An ARA list named los-banos-office is created and applied to lines 1 to 16.
Note: The authentication method lists used in this example use names other than default. However,
you generally specify default as the list name for most lines and interfaces, and apply different
named lists on an exception basis. These names are used only for illustrative purposes.
hostname 2511
!
tacacs-server host dog-house
tacacs-server key shepard4
!
! AAA must be enabled before the authentication lists below can be defined
aaa new-model
aaa authentication login rtp2-office tacacs+
aaa authentication ppp marketing if-needed tacacs+
aaa authentication arap los-banos-office tacacs+
!
line console 0
 login authentication rtp2-office
!
interface group-async 0
 ppp authentication chap marketing
 group-range 1 16
!
line 1 16
 arap authentication los-banos-office
!
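The following audit script is an added example, not part of the original Cisco text. It cross-checks the named method lists a configuration defines against the lists applied to lines and interfaces, and generalizes beyond the one configuration above. The function name audit_method_lists, the keyword set, and the sample (this page's TACACS+ lines with a deliberate typo) are assumptions made for illustration.

```python
import re

# Constructed sample: the TACACS+ example's AAA lines, with a deliberate typo
# ("rtp2-ofice") on the console line so the audit has something to report.
SAMPLE = """\
aaa new-model
aaa authentication login rtp2-office tacacs+
aaa authentication ppp marketing if-needed tacacs+
aaa authentication arap los-banos-office tacacs+
line console 0
 login authentication rtp2-ofice
interface group-async 0
 ppp authentication chap marketing
 group-range 1 16
line 1 16
 arap authentication los-banos-office
"""

DEFINE = re.compile(r"aaa authentication (login|ppp|arap) (\S+)\s+\S")
APPLY = re.compile(r"(login|ppp|arap) authentication\s+(.+)")
# Tokens that can surround the list name on "ppp authentication" (assumed set).
PPP_KEYWORDS = {"chap", "pap", "ms-chap", "if-needed", "callin"}

def audit_method_lists(config):
    """Cross-check defined AAA method lists against the lists applied."""
    defined, applied, new_model = set(), set(), False
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "aaa new-model":
            new_model = True  # IOS needs this before it accepts method lists
        elif m := DEFINE.match(line):
            defined.add((m.group(1), m.group(2)))
        elif m := APPLY.match(line):
            skip = PPP_KEYWORDS if m.group(1) == "ppp" else set()
            names = [t for t in m.group(2).split() if t not in skip]
            if names:  # no name means the implicit default list is used
                applied.add((m.group(1), names[0]))
    # "default" is left out of both reports: it applies without being named.
    named = lambda pairs: sorted(p for p in pairs if p[1] != "default")
    return {
        "aaa_new_model": new_model,
        "undefined": named(applied - defined),  # applied but never defined
        "unused": named(defined - applied),     # defined but applied nowhere
    }

if __name__ == "__main__":
    print(audit_method_lists(SAMPLE))
```

A list name that appears under "undefined" and a near-identical one under "unused" usually points to a misspelled name on the line or interface.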
RADIUS Example for Login and PPP
The following example shows how to create the following authentication lists:
A RADIUS server named pig-pen is polled for authentication information (so you do not need to
define a local username database). The shared key between the access server and the RADIUS
security server is BaBe218.
A login authentication list named fly is created, then applied to all lines that users can log in to,
except the console port. In this example, the console port is physically secure and does not need
password protection. The access server is locked in a closet and secured behind a deadbolt lock.
A PPP authentication list named maaaa is created, then applied to group async interface 658, which
includes asynchronous interfaces 1 to 16. CHAP authentication is used, because it is more secure
than PAP.
radius-server host pig-pen
radius-server key BaBe218
!
privilege exec level 14 configure