AAA Methods
aaa accounting changes default {<time-frame> | stop-only} tacacs+ no aaa accounting changes default {<time-frame> | stop-only} tacacs+ Enables logging of system changes to a AAA accounting server. The no form of the command disables the accounting. |
||
Syntax Description |
stop-only |
Sends a stop accounting notice at the end of requested user process |
Default |
N/A |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
|
aaa authentication login default <auth method> [<auth method> [<auth method> [<auth method> [<auth method>]]]] no aaa authentication login Sets a sequence of authentication methods. Up to four methods can be configured. The no form of the command resets the configuration to its default. |
||
Syntax Description |
auth-method |
Possible values:
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
The order in which the methods are specified is the order in which the authentication is attempted. It is required that "local" is one of the methods selected. It is recommended that "local" be listed first to avoid potential problems logging in to local accounts in the face of network or remote server issues. |
aaa authorization map [default-user <username> | order <policy>] no aaa authorization map [default-user | order] Sets the mapping permissions of a user in case a remote authentication is done. The no form of the command resets the attributes to default. |
||
Syntax Description |
username |
Specifies what local account the authenticated user will be logged on as when a user is authenticated (via RADIUS or TACACS+) and does not have a local account. If the username is local, this mapping is ignored. |
policy |
Sets the user mapping behavior when authenticating users via RADIUS or TACACS+ to one of three choices. The order determines how the remote user mapping behaves. If the authenticated username is valid locally, no mapping is performed. The setting has the following three possible behaviors:
|
|
Default |
Default user: admin Map order: remote-first |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa username |
|
Notes |
If, for example, the user is locally defined to have admin permission, but in a remote server such as RADIUS the user is authenticated as monitor and the order is remote-first, then the user will be given monitor permissions. |
show aaa Displays the AAA configuration. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
Any configuration mode |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
aaa accounting aaa authentication aaa authorization show aaa show usernames username |
|
Notes |