Guide to AAA Local Authentication Setup

Sep 1, 2024

Notes on AAA Local Authentication Configuration

Introduction

  • Discussion on configuring AAA local authentication.
  • Focus on the commands used for configuration; hands-on practice is covered in future videos.

Importance of Local Database

  • Always add at least one username to the local database as a backup.
    • Ensures access if the AAA server fails or is unreachable.
    • Example: Router configuration with one username and password.

Enabling AAA Authentication

  • Command to enable AAA: aaa new-model

Configuring Default Authentication List

  • Configure default authentication list command: aaa authentication login default local
  • Command Breakdown:
    • login: Allows user access via console or VTY terminals.
    • default: Applies to all lines (console, VTY, etc.).
    • local: Specifies the use of local database for authentication.

Authentication Methods Priority

  • Authentication checks in order:
    1. TACACS+ server
    2. RADIUS server
    3. Local database
  • Definitions:
    • Primary method: the first server checked.
    • Backup method: the fallback used if the primary method fails.

Applying Authentication List to Ports

  • Example to apply the authentication list to VTY lines:
    • Enter the VTY line configuration and apply the list:
    line vty 0 4
     login authentication default
    • A uniquely named list can be applied instead of default if desired (e.g., a class name).

Secure Transport Configuration

  • Command to allow secure (SSH-only) remote access: transport input ssh
  • The authentication list applies to both VTY and console lines:
    • Commands for the console line:
    line console 0
     login authentication default

Transition to Server-Based Authentication

  • Requirement for an AAA server:
    • Dedicated machine to check user credentials.
  • Command to enable AAA on routers: aaa new-model

Configuring AAA Server Information

  • Specify the TACACS+ server's IP address: tacacs-server host [IP_ADDRESS]
  • Define the shared key that secures communication with the server: key newbie123

Authentication List for Server-Based

  • Command to create authentication list: aaa authentication login default group tacacs+ local
  • Authentication priority:
    1. TACACS+ server
    2. Local database

Applying Server-Based Authentication

  • Apply the defined list to the VTY lines:
    line vty 0 4
     login authentication default
  • Restrict transport to SSH: transport input ssh
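  • The safeguards these sections build up (local user present, local fallback in the login list, SSH-only VTY access) can be checked against a saved running-config. The following is an added example, not code from the notes: a small Python audit run over two constructed config fragments (the IP address, username and hash placeholder are made up), flagging the lockout risk when a login list has no local method.

```python
# Constructed IOS running-config fragments (sample input, not from the notes).
GOOD_CONFIG = """\
aaa new-model
username admin secret 9 <hash-placeholder>
tacacs-server host 192.0.2.10
tacacs-server key newbie123
aaa authentication login default group tacacs+ local
line vty 0 4
 login authentication default
 transport input ssh
"""
# Same router without the safeguards: no local user, no local fallback, Telnet open.
BAD_CONFIG = """\
aaa new-model
tacacs-server host 192.0.2.10
aaa authentication login default group tacacs+
line vty 0 4
 login authentication default
 transport input telnet ssh
"""

def line_sections(lines):
    """Map each 'line ...' header to the indented commands beneath it."""
    sections, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = sections.setdefault(l, [])
        elif l.startswith(" ") and current is not None:
            current.append(l.strip())
        else:
            current = None
    return sections

def audit_aaa(config):
    """Return findings against the AAA setup in the notes; [] means all checks passed."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing: authentication lists are not in effect")
    if not any(l.startswith("username ") for l in lines):
        findings.append("no local username: nothing to fall back to when the server fails")
    for l in [x for x in lines if x.startswith("aaa authentication login ")]:
        methods = l.split()[4:]  # tokens after 'aaa authentication login <list-name>'
        if "local" not in methods:
            findings.append(f"{l}: no local method, lockout risk if TACACS+/RADIUS is unreachable")
    for header, cmds in line_sections(lines).items():
        # The notes restrict remote access to SSH on every VTY line.
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{header}: transport input not restricted to ssh")
    return findings
```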

Conclusion

  • Summary of steps for configuring AAA local and server-based authentication.
  • Future demonstration on implementation.