SHIFT

--- Sjoerd Hooft's InFormation Technology ---

Cisco Authentication

This page collects information about Cisco authentication. It is an add-on to the Cisco Radius Authentication on Active Directory 2008 article.

All commands assume you've already logged on to the switch with privilege level 15 access and are already in config mode (conf t).

Basic Cisco Configuration

Start with the basic administration of the switch: configure the hostname, the domain name and the name server:

hostname switch04
ip domain-name company.local
ip name-server 10.10.10.53

Local user

Create a local user with privilege 15. This user will be the fallback when RADIUS authentication fails.

username <user> priv 15 password <password>

Authentication Configuration

Enable the AAA security services (authentication, authorization and accounting) on the switch so it can use the RADIUS protocol:

aaa new-model


Configure the authentication and exec-authorization method lists. With group radius local the switch tries RADIUS first and only falls back to the local user database when no RADIUS server responds; an explicit reject from RADIUS is final and is not retried locally:

aaa authentication login default group radius local
aaa authorization exec default group radius local

line VTY

Configure the default authentication method for all virtual terminal sessions (vty):

line vty 0 15
login authentication default
end

Set a login banner stating that all actions, including logins, are logged:

aaa authentication banner #
***************************************************************************
NOTICE TO USERS
This computer system is the private property of getshifting.com, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************
#

Passwords In Config

If the passwords in the running config show as plain text, issue this command so they are stored encrypted. Note that this only applies type 7 encryption, which is reversible and merely hides passwords from shoulder surfing; for the local fallback user, username <user> privilege 15 secret <password> stores a hash instead and is the stronger choice.

service password-encryption

Check and Close

Now check the configuration, and only write it to the Cisco device once you can log in successfully and everything is correct. To do so:

write
exit
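As an added check that is not part of the original page, the following Python script audits a saved running-config excerpt for the settings configured in the steps above before you commit them with write. The config text, the check names and the regular expressions are my own constructed assumptions, not output from a real device.

```python
import re

# Constructed running-config excerpt mirroring the commands on this page
# (not captured from a real switch). The type 7 value is a made-up placeholder.
SAMPLE_CONFIG = """\
hostname switch04
ip domain-name company.local
ip name-server 10.10.10.53
username admin priv 15 password 7 0123456789ABCDEF
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius local
service password-encryption
line vty 0 15
 login authentication default
"""

# One regex per global setting the page configures; each must match a whole line.
REQUIRED = {
    "aaa new-model": r"^aaa new-model$",
    "login uses RADIUS with local fallback": r"^aaa authentication login default group radius local$",
    "exec authorization uses RADIUS with local fallback": r"^aaa authorization exec default group radius local$",
    "local privilege-15 fallback user": r"^username \S+ priv(?:ilege)? 15 ",
    "service password-encryption": r"^service password-encryption$",
}


def audit_aaa(config: str) -> dict:
    """Return {check name: passed?} for the AAA settings described on this page."""
    lines = [line.rstrip() for line in config.splitlines()]
    results = {name: any(re.match(rx, line) for line in lines) for name, rx in REQUIRED.items()}

    # 'login authentication default' must sit inside a 'line vty' block; a line
    # without leading whitespace ends the block.
    in_vty = vty_ok = False
    for line in lines:
        if line.startswith("line vty"):
            in_vty = True
        elif line and not line.startswith(" "):
            in_vty = False
        elif in_vty and line.strip() == "login authentication default":
            vty_ok = True
    results["vty lines use default login method"] = vty_ok

    # Type 7 passwords are reversible, so flag any local user still relying on them.
    results["no reversible (type 7) username passwords"] = not any(
        re.match(r"^username \S+ .*password 7 ", line) for line in lines)
    return results


def missing_checks(config: str) -> list:
    """Names of the checks that failed, in audit order; empty means ready to write."""
    return [name for name, ok in audit_aaa(config).items() if not ok]
```

Run missing_checks() on the output of show running-config; an empty list means every setting from this page is present and no local user still uses a type 7 password.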

Sources

ciscoaaa.txt · Last modified: 2021/09/24 00:24 (external edit)