AAA authenticaiton on Cisco device

Type the following command under the line:Username cisco password ciscoAaa new-model Aaa authentication login vty.authengroup tacacs+ local none Tacacs-server host 192.168.127.233 key ciscoRadius-server host 192.168.127.233 key ciscoLine vty 0 15Password pppLogin authentication vty.authen***if we set the ACS correctly, we should create a username Devin; and input the server client on the ACS. Because we type the command vty.authengroup tacacs+ local none; then authentication will first find the ACS tacas server, if it is not successful, it will seek local username/password. If the local also don’t have the username/password, it will keep none login. Test: 1, make the network between client and ACS broken down, we can use the PPP login this router without password; also we can use the devin to login the router without password. At last we need to use cisco with password cisco to login. 2, if the network is ok, we can only use the ACS as the authentication, then we canonly use the devin as the only way to login.
本文出自 “苏兰网络” 博客，请务必保留此出处http://zhangfang526.blog.51cto.com/8588740/1377890