Cisco AS5800 Operations, Administration, Maintenance, and Provisioning Guide
DOC-7810814=
Chapter 4 Administration
Access Service Security
TACACS+ Security Examples
The following examples show complete security configuration components of a configuration file on a
Cisco AS5800. Each example shows authentication and authorization.
Local TACACS+ Security Example
The following sample configuration uses AAA to configure default authentication using a local security
database on the Cisco AS5800. All lines and interfaces have the default authentication lists applied.
Users aaaa, bbbb, and cccc have been assigned privilege level 7. This prevents them from issuing ppp
and slip commands because these commands have been assigned to privilege level 8.
aaa new-model
aaa authentication login default local
aaa authentication arap default local
aaa authentication ppp default local
aaa authorization exec local
aaa authorization network local
aaa authorization
!
username aaaa privilege exec level 7 privilege network level 8 password 7 095E470B1110
username bbbb privilege network level 7 password 7 0215055500070C294D
username cccc privilege network level 7 password 7 095E4F10140A1916
!
privilege exec level 8 ppp
privilege exec level 8 slip
line console 0
 login authentication default
!
line 2/2/0 2/2/47
interface Group-Async1
 ppp authentication chap default
 group-range 2/2/0 2/2/47
The following shows the sign-on dialog as seen from a remote PC:
atdt5551234
CONNECT 14400/ARQ/V32/LAPM/V42BIS
User Access Verification
Username: username
Password: password
5800-1> enable
Password: password
5800-1#
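The local example above relies on each user's privilege level being lower than the level assigned to the ppp and slip commands. The following Python check is an added example, not part of the Cisco guide: it compares the username lines with the privilege lines and reports, per restricted command, whether each user is blocked. The function names and the "unset" verdict (used when a username line carries no level for the command's mode) are assumptions of this example.

```python
import re

# Constructed sample: the username and privilege lines of the local example above.
SAMPLE_CONFIG = """\
username aaaa privilege exec level 7 privilege network level 8 password 7 095E470B1110
username bbbb privilege network level 7 password 7 0215055500070C294D
username cccc privilege network level 7 password 7 095E4F10140A1916
privilege exec level 8 ppp
privilege exec level 8 slip
"""

USER_RE = re.compile(r"^username\s+(\S+)\s+(.*)$")
LEVEL_RE = re.compile(r"privilege\s+(\S+)\s+level\s+(\d+)")
CMD_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")

def parse(config):
    """Return ({user: {mode: level}}, {(mode, command): level})."""
    users, commands = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = USER_RE.match(line)
        if m:
            # A username line may carry one level per mode (exec, network, ...).
            users[m.group(1)] = {mode: int(lvl)
                                 for mode, lvl in LEVEL_RE.findall(m.group(2))}
            continue
        m = CMD_RE.match(line)
        if m:
            commands[(m.group(1), m.group(3).strip())] = int(m.group(2))
    return users, commands

def audit(config):
    """Map each restricted command to per-user 'allowed', 'blocked' or 'unset'."""
    users, commands = parse(config)
    report = {}
    for (mode, cmd), needed in commands.items():
        verdicts = {}
        for user, levels in users.items():
            have = levels.get(mode)
            if have is None:
                verdicts[user] = "unset"  # no level for this mode; do not guess
            else:
                verdicts[user] = "allowed" if have >= needed else "blocked"
        report[f"{mode} {cmd}"] = verdicts
    return report

if __name__ == "__main__":
    for cmd, verdicts in audit(SAMPLE_CONFIG).items():
        print(cmd, verdicts)
```

An "unset" verdict marks a user whose username line should be reviewed by hand, because the configuration as written does not state a level for that command's mode.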
TACACS+ Security Example for Login and PPP
This example shows how to create and apply the following authentication lists:
- A TACACS+ server named AAA is polled for authentication information (so you do not need to define a local username database). The shared key between the Cisco AS5800 and the TACACS+ security server is 007.
- A login authentication list named rtp-office is created, then applied to the console port.
- A PPP authentication list named marketing is created and applied to group async interface 0, which includes asynchronous interfaces 2/2/0 to 2/2/47.