First enable AAA in the router.
R1(config)#aaa new-model
Configure the authentication method.
R1(config)#aaa authentication login tac_access group tacacs+ local
R1(config)#aaa authentication login default local
Configure the tacas client to connect to server.
R1(config)#tacacs-server host 172.16.1.11 key keep_IT_secret
The problem with just enabling AAA new-model is that if you don't have local authentication configured as last login option with at least one local user-name password, you take the risk of locking yourself out of the router.
R1(config)#username jayesh password jayesh123
Now configure your terminal lines for aaa authenticated login. On your console and auxiliary lines, it is better to configure local authentication alone
R1(config)#line console 0
R1(config-line)#login authentication default
R1(config-line)#exit
R1(config)#line aux 0
R1(config-line)#login authentication default
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#login authentication tac_access
R1(config-line)#end
Now save your configuration
R1#copy run start
From R2
R2>ssh -l safeer 192.168.2.1
No comments:
Post a Comment