Defining aaa server groups – Cisco 15327 User Manual

Page 325

Advertising
background image

19-13

Ethernet Card Software Feature and Configuration Guide, R7.2

Chapter 19 Configuring Security for the ML-Series Card

Configuring RADIUS

To disable AAA, use the no aaa new-model global configuration command. To disable AAA
authentication, use the no aaa authentication login {default | list-name} method1 [method2...] global
configuration command. To either disable RADIUS authentication for logins or to return to the default
value, use the no login authentication {default | list-name} line configuration command.

Defining AAA Server Groups

You can configure the ML-Series card to use AAA server groups to group existing server hosts for
authentication. You select a subset of the configured server hosts and use them for a particular service.
The server group is used with a global server-host list, which lists the IP addresses of the selected server
hosts.

Server groups also can include multiple host entries for the same server if each entry has a unique
identifier (the combination of the IP address and UDP port number), allowing different ports to be
individually defined as RADIUS hosts providing a specific AAA service, such as accounting. If you
configure two different host entries on the same RADIUS server for the same service, the second
configured host entry acts as a fail-over backup to the first one.

You use the server group server configuration command to associate a particular server with a defined
group server. You can either identify the server by its IP address or identify multiple host instances or
entries by using the optional auth-port and acct-port keywords.

Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a
particular RADIUS server with it:

Step 5

Router (config-line)# login

authentication

{

default

| list-name}

Apply the authentication list to a line or set of lines.

If you specify default, use the default list created with the aaa
authentication login command.

For list-name, specify the list created with the aaa authentication
login command.

Step 6

Router (config)# end

Return to privileged EXEC mode.

Step 7

Router# show running-config

Verify your entries.

Step 8

Router# copy running-config

startup-config

(Optional) Save your entries in the configuration file.

Command

Purpose

Command

Purpose

Step 1

Router# configure terminal

Enter global configuration mode.

Step 2

Router (config)# aaa new-model

Enable AAA.

Advertising
Popular Brands
Popular manuals