Specifications
Access Service Security 4-15
Applying Authentication Method Lists
As described in the “Defining Authentication Method Lists” section earlier in this chapter, the
aaa authentication global configuration command creates authentication method lists or profiles.
You apply these authentication method lists to lines or interfaces by issuing the login
authentication, arap authentication, or ppp authentication command, as described in Table 4-7.
You can create more than one authentication list or profile for login and protocol authentication and
apply them to different lines or interfaces. The following examples show the line or interface
authentication commands that correspond to the aaa authentication global configuration command.
Login Authentication Examples
The following example shows the default login authentication list applied to the console port and the
default virtual terminal (vty) lines on the access server:
5300(config)# aaa authentication login default local
5300(config)# line console 0
5300(config-line)# login authentication default
5300(config-line)# line vty 0 4
5300(config-line)# login authentication default
In the following example, the login authentication list named rtp2-office, which uses RADIUS
authentication, is created. It is applied to all 54 lines on a Cisco AS5300 access server configured
with a dual T1 PRI card, including the console (CON) port, the 48 physical asynchronous (tty) lines,
the auxiliary (AUX) port, and 5 virtual terminal (vty) lines:
5300(config)# aaa authentication login rtp2-office radius
5300(config)# line 0 54
5300(config-line)# login authentication rtp2-office
Table 4-7 Applying Authentication Method Lists

Interface and Line Command  Action                                          Port to which List is Applied  Corresponding Global Configuration Command
--------------------------  ----------------------------------------------  -----------------------------  ------------------------------------------
login authentication        Logs directly in to the access server           Console port or vty lines      aaa authentication login
arap authentication         Uses ARA to access AppleTalk network resources  tty line                       aaa authentication arap
ppp authentication (1)      Uses PPP to access IP or IPX network resources  Interface                      aaa authentication ppp

1. If you entered the ppp authentication command, you must specify either CHAP or PAP authentication. PAP is enabled by default,
but Cisco recommends that you use CHAP because CHAP is more secure. For more information, refer to the Security Configuration
Guide.
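
The following consistency check is an added example, not part of the original guide or any Cisco tool. It walks a saved configuration and uses the Table 4-7 mapping to confirm that every method list applied to a line or interface is defined by the matching aaa authentication global command, and it flags PPP interfaces that authenticate with PAP only. The sample configuration, the list name dialins, the misspelled list name, and the function name audit are constructed for illustration.

```python
import re

# Global definition, e.g. "aaa authentication login rtp2-office radius"
DEFINE = re.compile(r"^aaa authentication (login|arap|ppp) (\S+)\s+\S")
# Line/interface sub-command (indented), e.g. " login authentication default"
APPLY = re.compile(r"^\s+(login|arap|ppp) authentication (.+)$")
PPP_PROTOCOLS = {"chap", "pap", "ms-chap"}
PPP_KEYWORDS = {"callin", "if-needed", "one-time", "optional"}

# Constructed sample: "rtp2-offce" is a deliberate typo, "dialins" is hypothetical.
SAMPLE_CONFIG = """\
aaa authentication login default local
aaa authentication login rtp2-office radius
aaa authentication ppp dialins radius local
line con 0
 login authentication default
line 1 48
 login authentication rtp2-offce
line vty 0 4
 login authentication rtp2-office
interface Group-Async1
 ppp authentication pap dialins
"""

def audit(config):
    """Return (context, message) findings for applied authentication lists."""
    lines = config.splitlines()
    defined = {m.groups() for m in map(DEFINE.match, lines) if m}
    findings, context = [], None
    for raw in lines:
        if raw and not raw[0].isspace():   # top-level command starts a new context
            context = raw.strip()
            continue
        m = APPLY.match(raw)
        if not m:
            continue
        kind, args = m.group(1), m.group(2).split()
        if kind == "ppp":
            protocols = [a for a in args if a in PPP_PROTOCOLS]
            names = [a for a in args if a not in PPP_PROTOCOLS | PPP_KEYWORDS]
            if protocols == ["pap"]:
                findings.append((context, "PAP only; CHAP is recommended"))
        else:
            names = args[:1]               # login/arap: first argument is the list name
        if names and (kind, names[0]) not in defined:
            findings.append((context, f"aaa authentication {kind} list "
                                      f"'{names[0]}' is not defined"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the undefined list on line 1 48 and the PAP-only interface.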