AAA back to basics

I think I’ve done enough BGP for the week and time to do some security basics.

service password-encryption
!
username delan password ccie
enable secret ccie
!
aaa new-model
!
aaa authentication login VTY local group tacacs+
aaa authentication login CONSOLE group tacacs+ line
aaa authentication enable default enable
aaa authorization exec group tacacs+ if-authenticated
!
aaa authentication username-prompt “Please enter your username: ”
aaa authentication password-prompt “Please enter your password: ”
aaa authentication banner #
Access to this router is restricted to friends of Delan A
#
!
aaa authentication fail-message #
Invalid password, please check your username, password or both
#
!
line con 0
login authentication CONSOLE
password ccie321
!
line vty 0 4
privilege level 15
authorization exec VTY
login authentication VTY
!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s