
CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Section 7.0: AAA

7.1. AAA on the Router

  1. Configure TACACS+ authentication and authorization on R2.

  2. Configure EXEC and commands accounting.

  3. Configure TACACS+ single-connection on R2 and ACS to maintain a single open TCP connection, as demonstrated in the example following item 4.

  4. Hidden issue: For all routers to be able to Telnet to R2, you need to open a hole in the ACL configured on R2, as demonstrated in the following example:

     hostname r2
     !
     aaa new-model
     aaa authentication login vty tacacs+ none
     aaa authentication login con none
     aaa authentication ppp default local
     aaa authentication ppp isdn radius local
     aaa authorization exec vty tacacs+ none
     aaa authorization exec con none
     aaa authorization network default local
     aaa authorization network isdn radius ...
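An added check, not from the book: this Python sketch parses a running-config excerpt, reports whether tasks 1 through 3 are present, and lists the method lists that end in `none`. The accounting and `tacacs-server` lines in the sample, including the address and key, are constructed placeholders, because the listing above is cut off before them.

```python
import re

# Constructed sample: the visible R2 AAA lines from the listing above, plus
# hypothetical accounting and tacacs-server lines (address and key are placeholders).
SAMPLE = """\
aaa new-model
aaa authentication login vty tacacs+ none
aaa authentication login con none
aaa authorization exec vty tacacs+ none
aaa authorization exec con none
aaa accounting exec vty start-stop tacacs+
aaa accounting commands 15 vty start-stop tacacs+
tacacs-server host 192.0.2.10 single-connection key EXAMPLE-KEY
"""

AAA_RE = re.compile(r"^aaa (authentication|authorization|accounting) (.+)$")

def parse_aaa(config):
    """Return (kind, service, list_name, methods) for each AAA method list."""
    lists = []
    for line in config.splitlines():
        m = AAA_RE.match(line.strip())
        if not m:
            continue
        kind, words = m.group(1), m.group(2).split()
        # "commands" carries a privilege level before the list name
        skip = 2 if words[0] == "commands" else 1
        if len(words) <= skip:
            continue
        lists.append((kind, " ".join(words[:skip]), words[skip], words[skip + 1:]))
    return lists

def check_r2(config):
    """Check lab tasks 1-3 and collect method lists whose last method is 'none'."""
    lists = parse_aaa(config)
    def uses_tacacs(kind, service):
        return any(k == kind and s.split()[0] == service and "tacacs+" in m
                   for k, s, _, m in lists)
    return {
        "task1_authentication": uses_tacacs("authentication", "login"),
        "task1_authorization": uses_tacacs("authorization", "exec"),
        "task2_exec_accounting": uses_tacacs("accounting", "exec"),
        "task2_commands_accounting": uses_tacacs("accounting", "commands"),
        "task3_single_connection": bool(re.search(
            r"^tacacs-server host \S+ .*\bsingle-connection\b", config, re.M)),
        # A trailing 'none' means the check is skipped when TACACS+ returns an error
        "none_fallback": [f"{k} {s} {n}" for k, s, n, m in lists
                          if m and m[-1] == "none"],
    }
```

The `none_fallback` entries are worth reviewing outside a lab: with `tacacs+ none`, an unreachable ACS server results in login or authorization being granted without a check.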
