User Guide for Cisco Security Manager 4.4
Chapter 60 Router Device Administration
AAA on Cisco IOS Routers
Note: The device attempts to communicate with the next listed method only when there is no response from
the previous method. If the AAA service fails at any point in this cycle—meaning that the security server
or local username database responds by denying the user access or services—the process stops and no
other methods are attempted.
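The fallback rule in this note, as an added example that is not part of the Cisco guide: a small Python model of how a prioritized method list is walked, showing that a denial stops the cycle while a non-response moves on to the next method. The method names, the `Reply` type and the `evaluate` function are constructed for illustration, and treating "every method unresponsive" as a denial is an assumption of the model.

```python
from enum import Enum


class Reply(Enum):
    PASS = "pass"                # method answered and accepted the user
    FAIL = "fail"                # method answered and denied the user
    NO_RESPONSE = "no_response"  # method did not answer (timeout, unreachable)


# Constructed sample list: two server groups, then the local user database.
METHOD_LIST = ["RADIUS_GROUP_A", "TACACS_GROUP_B", "LOCAL"]


def evaluate(method_list, replies):
    """Walk a prioritized method list for one access attempt.

    replies maps each method name to the Reply it gives for this attempt.
    Returns (granted, methods_tried).
    """
    tried = []
    for method in method_list:
        tried.append(method)
        reply = replies[method]
        if reply is Reply.PASS:
            return True, tried
        if reply is Reply.FAIL:
            # An explicit denial ends the cycle: later methods are never asked,
            # even if one of them would have accepted the same credentials.
            return False, tried
        # NO_RESPONSE: only now does the device move to the next method.
    # Assumption of this model: if no method answers, access is denied.
    return False, tried


if __name__ == "__main__":
    scenarios = {
        "first group down, second accepts": {
            "RADIUS_GROUP_A": Reply.NO_RESPONSE,
            "TACACS_GROUP_B": Reply.PASS,
            "LOCAL": Reply.PASS,
        },
        "first group denies, local would accept": {
            "RADIUS_GROUP_A": Reply.FAIL,
            "TACACS_GROUP_B": Reply.PASS,
            "LOCAL": Reply.PASS,
        },
    }
    for name, replies in scenarios.items():
        print(name, "->", evaluate(METHOD_LIST, replies))
```

The second scenario is the one to keep in mind when planning a local emergency account: it is consulted only when the server groups ahead of it do not respond, not when they reject the login.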
Related Topics
• Supported Authorization Types, page 60-2
• Supported Accounting Types, page 60-3
• Defining AAA Services, page 60-4
• AAA on Cisco IOS Routers, page 60-2
Defining AAA Services
To define AAA services on a Cisco IOS router, you must first enable AAA functionality on the router.
After you do this, you can define the kind of functionality (authentication, authorization, and
accounting) that you want the device to implement. You must define a method list for each function,
including lists for each type of authorization and accounting that you enable.
For example, if you want to configure EXEC authorization and command authorization, you must define
one method list for EXEC authorization and other method lists for each privilege level on which
command authorization is performed.
Note: If you use RADIUS for authentication, you must use the same RADIUS server group for authorization
as well.
Related Topics
• Understanding Method Lists, page 60-3
• AAA on Cisco IOS Routers, page 60-2
• Understanding AAA Server and Server Group Objects, page 6-24
Step 1 Do one of the following:
• (Device view) Select Platform > Device Admin > AAA from the Policy selector.
• (Policy view) Select Router Platform > Device Admin > AAA from the Policy Type selector.
Select an existing policy or create a new one.
The AAA page is displayed. See AAA Policy Page, page 60-6 for a description of the fields on this page.
Step 2 Define which login authentication methods to use on users who access the device:
a. On the Authentication tab (see AAA Page—Authentication Tab, page 60-6), select the Enable
Device Login Authentication check box.
b. Enter the names of one or more AAA server group objects (up to four) in the Prioritized Method List
field, or click Select to select the object from a list or to create a new one. Use the up and down arrows
in the object selector to define the order in which the selected server groups should be used.