Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentAS5800
61626364656667686970
Table Of Contents
2-23
Cisco AS5800 Operations, Administration, Maintenance, and Provisioning Guide
DOC-7810814=
Chapter 2 Commissioning
Task 2. Configuring Basic Cisco IOS Software
Configuring Local AAA Security
Configure AAA to perform login authentication by using the local username database. The login
keyword authenticates EXEC shell users. Additionally, configure PPP authentication to use the local
database if the session was not already authenticated by login.
AAA is the Cisco IOS software security model used on all Cisco devices. AAA provides the primary
framework through which you set up access control on the NAS.
In this basic discussion, the same authentication method is used on all interfaces. AAA is set up to use
the local database configured on the NAS. This local database is created with the username
configuration commands.
Step 1 Create a local login username database in global configuration mode. In this example,
the administrators username is admin. The remote clients login username is dude.
!
username admin password
adminpasshere
username dude password passhere
!
Caution This prevents you from getting locked out of the NAS. If you get locked out, you must
reboot the device and perform password recovery.
Step 2 Configure local AAA security in global configuration mode. You must enter the aaa new-model
command before the other two authentication commands.
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed local
!
Table 2-5 describes the configuration:
Table 2-5 Local AAA Commands
Command Purpose
aaa new-model Initiates the AAA access control system. This
command immediately locks down login and PPP
authentication.
aaa authentication login default local Configures AAA to perform login authentication
by using the local username database. The login
keyword authenticates EXEC shell users.
aaa authentication ppp default if-needed local Configures PPP authentication to use the local
database if the session was not already
authenticated by login.