= Cisco Authentication =
**Summary**: General information on Cisco authentication \\
**Date**: Around 2009 \\
**Refactor**: 21 February 2025: Checked links and formatting. \\
{{tag>cisco}}
This page contains information about Cisco authentication. It is an add-on to the [[ciscoradiusad2008]] article.
All commands assume you have already logged on to the switch with privilege level 15 access and are already in config mode (conf t).
== Basic Cisco Configuration ==
To configure the switch, start with its basic administration settings: the hostname, the domain name and the name server:
<code>
hostname switch04
ip domain-name company.local
ip name-server 10.10.10.53
</code>
= Local user =
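Create a local user with privilege 15. This user will be the fallback when RADIUS authentication fails. Replace the ''<username>'' and ''<password>'' placeholders with your own values:
<code>
username <username> priv 15 password <password>
</code>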
== Authentication Configuration ==
Configure AAA security services (authentication, authorization, and accounting) on the switch to support the RADIUS security protocol:
<code>
aaa new-model
</code>
\\
Configure the authentication and authorization methods:
<code>
aaa authentication login default group radius local
aaa authorization exec default group radius local
</code>
== line VTY ==
Configure the default authentication method for all virtual terminal sessions (vty):
<code>
line vty 0 15
 login authentication default
end
</code>
== Banner ==
Set a banner stating that all actions, logins etc. will be logged:
<code>
aaa authentication banner #
***************************************************************************
NOTICE TO USERS
This computer system is the private property of getshifting.com, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************
#
</code>
= Passwords In Config =
If the passwords in the running config show as plain text, issue this command to show them encrypted:
<code>
service password-encryption
</code>
= Check and Close =
Now check the configuration, and only write the configuration to the Cisco device if you can log in successfully and everything is correct. To do so:
<code>
write
exit
</code>
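The configuration check above can be partly automated before the config is written. The following Python script is an added example, not part of the original article: it audits the text of a saved running config for the settings configured on this page. The sample config, the user name ''fallbackadmin'' and the function names are assumptions.

```python
import re

# Constructed sample running-config; user name and password string are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
username fallbackadmin privilege 15 password 7 PLACEHOLDER
line vty 0 15
 login authentication default
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks[current] = []
    return blocks

def audit(config):
    """Return findings for the settings this page configures ([] = all present)."""
    blocks = parse_blocks(config)
    findings = [f"missing: {c}" for c in ("aaa new-model", "service password-encryption")
                if c not in blocks]
    for kind in ("authentication login", "authorization exec"):
        prefix = f"aaa {kind} default "
        methods = next((c[len(prefix):].split() for c in blocks if c.startswith(prefix)), [])
        if "radius" not in methods:
            findings.append(f"aaa {kind} default: RADIUS not used")
        if methods[-1:] != ["local"]:
            findings.append(f"aaa {kind} default: no local fallback")
    if not any(re.match(r"username \S+ privilege 15 (password|secret) ", c) for c in blocks):
        findings.append("no local privilege 15 user for the fallback")
    for cmd, subs in blocks.items():
        # The default list applies to every line once aaa new-model is set,
        # so only a vty that names a different method list is reported.
        lists = [s.split()[2] for s in subs if s.startswith("login authentication ")]
        if cmd.startswith("line vty") and lists and lists[0] != "default":
            findings.append(f"{cmd}: uses method list {lists[0]!r}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "all checks passed")
```

An empty result only confirms that the commands are present in the config text; a test login, as described above, is still required before saving.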
= Sources =
[[http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml|Configure Basic AAA on an Access Server]]