wiki.getshifting.com

--- Sjoerd Hooft's InFormation Technology ---


Cisco Authentication

Summary: Information all around on Cisco Authentication
Date: Around 2009
Refactor: 21 February 2025: Checked links and formatting.

This is a page with information about Cisco authentication. It is an addon to the Cisco Radius Authentication on Active Directory 2008 article.

All commands assume you've already logged on to the switch with privilege level 15 access and are already in config mode (conf t).

Basic Cisco Configuration

Start with the basic administration of the switch: configure the hostname, the domain name and the name server:

hostname switch04
ip domain-name company.local
ip name-server 10.10.10.53

Local user

Create a local user with privilege 15. This user will be the fallback when RADIUS authentication fails.

username <user> priv 15 password <password>

Authentication Configuration

Configure AAA security services (authentication, authorization, and accounting) on the switch to support the RADIUS security protocol:

aaa new-model

Configure the login authentication and exec authorization methods. Both method lists try the RADIUS server group first and only fall back to the local user database when no RADIUS server responds (not when a RADIUS server rejects the credentials):

aaa authentication login default group radius local
aaa authorization exec default group radius local

line VTY

Configure the default authentication method for all virtual terminal sessions (vty):

line vty 0 15
 login authentication default
end

Set a banner stating that all actions, logins etc. will be logged:

aaa authentication banner #
***************************************************************************
NOTICE TO USERS
This computer system is the private property of getshifting.com, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************
#

Passwords In Config

If the passwords in the running config show as plain text, issue this command to show them encrypted. Note that this produces reversible type 7 obfuscation rather than strong encryption; it only hides passwords from someone glancing at the configuration:

service password-encryption

Check and Close

Now test the configuration: confirm from a new session that you can still log in, and only write the configuration to the Cisco device once everything is correct, so that a mistake does not lock you out. To do so:

write
exit
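As an added example (not from the original page), here is a small Python audit that parses a saved `show running-config` and checks the settings configured above, so a fleet of switches can be verified before and after the change. The sample configuration, the check names and the `mgmt-only` method list name are constructed for the example.

```python
import re
# Constructed sample 'show running-config' (not captured from a real device).
SAMPLE_CONFIG = """\
username admin privilege 15 password 0 Fallback123
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
aaa authentication banner ^C
NOTICE TO USERS: all activity on this system is logged.
^C
line vty 0 4
 login authentication default
line vty 5 15
 login authentication mgmt-only
"""

def parse_sections(config):
    """Split config into top-level lines and {parent line: [indented sub-lines]}."""
    top, blocks = [], {}
    for raw in config.splitlines():
        if raw.startswith(" ") and top:          # indented line belongs to last parent
            blocks.setdefault(top[-1], []).append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            top.append(raw.strip())
    return top, blocks

def radius_then_local(top, kind):
    """True if the default '<kind>' method list tries RADIUS first, then local."""
    m = [l.split()[4:] for l in top if l.startswith(f"aaa {kind} default ")]
    return bool(m) and m[0][:2] == ["group", "radius"] and "local" in m[0][2:]

def audit_aaa(config):
    """Map each requirement from the page to True (met) or False (finding)."""
    top, blocks = parse_sections(config)
    vty = [l for l in top if l.startswith("line vty")]
    return {
        "aaa_new_model": "aaa new-model" in top,
        "login_radius_then_local": radius_then_local(top, "authentication login"),
        "exec_authz_radius_then_local": radius_then_local(top, "authorization exec"),
        "local_priv15_fallback_user": any(
            re.match(r"username \S+ privilege 15 (password|secret) ", l) for l in top),
        # 'password 0' is cleartext; service password-encryption rewrites it as reversible type 7
        "no_cleartext_passwords": not any(" password 0 " in l for l in top),
        "password_encryption": "service password-encryption" in top,
        "login_banner": any(l.startswith("aaa authentication banner") for l in top),
        # every vty range must use the default list; a custom list may lack the local fallback
        "vty_use_default_list": bool(vty) and all(
            s == "login authentication default" for v in vty
            for s in blocks.get(v, []) if s.startswith("login authentication")),
    }
```

Run `audit_aaa(open("switch04.cfg").read())` on a saved config; the sample above fails the cleartext password, password encryption and vty checks, which is exactly what the steps on this page fix.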
