Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 13 Configuring AAA Servers and the Local Database
Identifying AAA Server Groups and Servers
Example 13-1 shows commands that add one TACACS+ group with one primary and one backup server,
one RADIUS group with a single server, and an NT domain server.
Example 13-1 Multiple AAA Server Groups and Servers
hostname(config)# aaa-server AuthInbound protocol tacacs+
hostname(config-aaa-server-group)# max-failed-attempts 2
hostname(config-aaa-server-group)# reactivation-mode depletion deadtime 20
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)# key TACPlusUauthKey
Table 13-2 Host Mode Commands, Server Types, and Defaults

Command                    Applicable AAA Server Types  Default Value
accounting-port            RADIUS                       1646
acl-netmask-convert        RADIUS                       standard
authentication-port        RADIUS                       1645
kerberos-realm             Kerberos                     —
key                        RADIUS                       —
                           TACACS+                      —
ldap-attribute-map         LDAP                         —
ldap-base-dn               LDAP                         —
ldap-login-dn              LDAP                         —
ldap-login-password        LDAP                         —
ldap-naming-attribute      LDAP                         —
ldap-over-ssl              LDAP                         —
ldap-scope                 LDAP                         —
nt-auth-domain-controller  NT                           —
radius-common-pw           RADIUS                       —
retry-interval             Kerberos                     10 seconds
                           RADIUS                       10 seconds
                           SDI                          10 seconds
sasl-mechanism             LDAP                         —
server-port                Kerberos                     88
                           LDAP                         389
                           NT                           139
                           SDI                          5500
                           TACACS+                      49
server-type                LDAP                         auto-discovery
timeout                    All                          10 seconds
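
The following is an added example, not part of the Cisco guide: a short Python script that reads aaa-server stanzas and overlays each host's explicit commands on the Table 13-2 defaults, so a reviewer can see the ports and timers a host actually uses. It assumes running-config style text with indented sub-commands and that the `protocol` keyword (lowercased) names the table's server type; the function names, the RadSample group and the 192.0.2.10 address are constructed for illustration.

```python
import re

DEFAULTS = {  # Table 13-2 defaults; "*" = "All"; keys assumed to match the protocol keyword
    "accounting-port": {"radius": "1646"},
    "acl-netmask-convert": {"radius": "standard"},
    "authentication-port": {"radius": "1645"},
    "retry-interval": {"kerberos": "10", "radius": "10", "sdi": "10"},
    "server-port": {"kerberos": "88", "ldap": "389", "nt": "139", "sdi": "5500", "tacacs+": "49"},
    "server-type": {"ldap": "auto-discovery"},
    "timeout": {"*": "10"},
}
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)")

def parse_hosts(config):
    """Collect each aaa-server host with the host-mode commands set under it."""
    protocols, hosts, current = {}, [], None
    for raw in config.splitlines():
        if m := GROUP_RE.match(raw):
            protocols[m.group(1)], current = m.group(2).lower(), None
        elif m := HOST_RE.match(raw):
            current = {"host": m.group(3), "protocol": protocols.get(m.group(1)), "set": {}}
            hosts.append(current)
        elif raw.startswith(" ") and current is not None:
            cmd, _, value = raw.strip().partition(" ")
            current["set"][cmd] = value  # indented line inside a host stanza
        elif raw.strip():
            current = None  # group-mode or unrelated line: not a host setting
    return hosts

def effective(host):
    """Explicit host settings overlaid on the table defaults for its server type."""
    proto = host["protocol"]
    eff = {c: d.get(proto, d.get("*")) for c, d in DEFAULTS.items() if proto in d or "*" in d}
    return {**eff, **host["set"]}

# Constructed running-config excerpt; only the AuthInbound lines come from Example 13-1.
SAMPLE = """\
aaa-server AuthInbound protocol tacacs+
 max-failed-attempts 2
aaa-server AuthInbound (inside) host 10.1.1.1
 key TACPlusUauthKey
aaa-server RadSample protocol radius
aaa-server RadSample (inside) host 192.0.2.10
 timeout 5
"""

for h in parse_hosts(SAMPLE):  # print each host's effective settings
    print(h["host"], h["protocol"], effective(h))
```

With the table defaults, the constructed RADIUS host resolves to ports 1645 and 1646, so a RADIUS server that listens only on 1812 and 1813 needs authentication-port and accounting-port set explicitly.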