Category:Cisco Systems -> Security
AAA stands for Authentication, Authorization and Accounting.
1. Cisco
1.1 Routers and Switches
Basic AAA configuration example::
aaa new-model
// Activate AAA globally.
aaa authentication login default local
// Use local user database.
aaa authorization exec default local
// Specifies the local database as the source of authorization information
aaa authorization console
// Apply authorization to a console
line console 0
login authentication default
authorization exec default
// Bind AAA to a console
line vty 0 15
login authentication default
authorization exec default
// Bind AAA to VTY lines 0-15
1.2 Adaptive Security Appliance (Cisco ASA)
Basic AAA configuration example:
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
// Needed for access via ASDM. If you don't apply the command, access to ASDM would be open for anyone (needs verification)
aaa authentication ssh console LOCAL
// Needed for SSH authentication otherwise even valid credentials would be considered wrong.
aaa authentication telnet console LOCAL
// Telnet access is allowed only from inside interface.
crypto key generate rsa modulus 512
// Generate RSA keys. You can use other than 512 value.
http server enable
http 0.0.0.0 0.0.0.0 management
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 management
telnet timeout 15
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 15
console timeout 0
// Change 0.0.0.0 0.0.0.0 to match your own security policy.
Integration ASA with ACS example:
aaa-server ACSserver protocol tacacs+
aaa-server ACSserver (inside) host 172.16.x.y
key SHAREDSECRETKEY
aaa authentication telnet console ACSserver LOCAL
aaa authentication ssh console ACSserver LOCAL
aaa authentication enable console ACSserver LOCAL
aaa authentication http console ACSserver LOCAL
aaa authorization exec authentication-server
