Configuring AAA Authentication and AAA Authorization
Before you configure AAA authentication and AAA authorization, you need to configure
a RADIUS and/or TACACS+ authentication server. Note that several of the steps in
the configuration procedure are optional.
To configure AAA new model authentication and authorization for inbound sessions
to vty lines on your router:
1. Specify AAA new model authentication.
host1(config)#aaa new-model
2. Create an authentication list that specifies the types of authentication methods
allowed.
host1(config)#aaa authentication login my_auth_list tacacs+ line enable
3. (Optional) Specify the privilege level by defining a method list for authentication.
host1(config)#aaa authentication enable default tacacs+ radius enable
4. (Optional) Enable authorization, and create an authorization method list.
host1(config)#aaa authorization commands 15 boston if-authenticated tacacs+
5. (Optional) Disable authorization for all Global Configuration commands.
host1(config)#no aaa authorization config-commands
6. Specify the range of vty lines.
host1(config)#line vty 6 10
host1(config-line)#
7. (Optional) Apply an authorization list to a vty line or a range of vty lines.
host1(config-line)#authorization commands 15 boston
8. Specify the password for the vty lines.
host1(config-line)#password xyz
9. Apply the authentication list to the vty lines you specified on your router.
host1(config-line)#login authentication my_auth_list
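The steps above refer to each other by name: the lists created in steps 2 and 4 are applied in steps 9 and 7, and the line method in step 2 depends on the password from step 8. The following added example (not part of the JUNOSe guide) cross-checks those references in a saved command list. The audit function, the SAMPLE text, and the assumption that prompts are stripped and only named lists are used are all hypothetical.

```python
# Added example: cross-checks the vty AAA commands from steps 1-9.
# SAMPLE is constructed from the page's commands with the prompts stripped.
SAMPLE = """\
aaa new-model
aaa authentication login my_auth_list tacacs+ line enable
aaa authorization commands 15 boston if-authenticated tacacs+
line vty 6 10
authorization commands 15 boston
password xyz
login authentication my_auth_list
"""

def audit(config):
    """Return a list of findings; an empty list means the references line up."""
    new_model, authn, authz, blocks, vty = False, {}, set(), [], None
    for raw in config.splitlines():
        w = raw.split()
        if w == ["aaa", "new-model"]:
            new_model = True
        elif w[:3] == ["aaa", "authentication", "login"] and len(w) > 4:
            authn[w[3]] = w[4:]              # list name -> ordered methods
        elif w[:3] == ["aaa", "authorization", "commands"] and len(w) > 5:
            authz.add((w[3], w[4]))          # (privilege level, list name)
        elif w[:2] == ["line", "vty"]:
            vty = {"range": " ".join(w[2:]), "password": False,
                   "login": None, "authz": None}
            blocks.append(vty)
        elif vty is not None and w[:1] == ["password"]:
            vty["password"] = True
        elif vty is not None and w[:2] == ["login", "authentication"] and len(w) > 2:
            vty["login"] = w[2]
        elif vty is not None and w[:2] == ["authorization", "commands"] and len(w) > 3:
            vty["authz"] = (w[2], w[3])
    findings = [] if new_model else ["aaa new-model is not enabled"]
    for b in blocks:
        where = "vty " + b["range"]
        if b["login"] is None:
            findings.append(where + ": no authentication list applied")
        elif b["login"] not in authn:
            findings.append(where + ": authentication list '%s' is not defined" % b["login"])
        elif "line" in authn[b["login"]] and not b["password"]:
            # Assumption: the 'line' method checks the vty password from step 8.
            findings.append(where + ": 'line' method used but no line password set")
        if b["authz"] and b["authz"] not in authz:
            findings.append(where + ": authorization list '%s' (level %s) is not defined"
                            % (b["authz"][1], b["authz"][0]))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```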
aaa authentication enable default
JUNOSe 11.1.x System Basics Configuration Guide