SlideShare a Scribd company logo

AAA Implementation Overview

A
Ahmad El Tawil

The document discusses authentication, authorization, and accounting (AAA) and provides instructions for configuring AAA on Cisco routers. It begins with an introduction to the three A's of AAA - authentication, authorization, and accounting. It then covers identifying each component and implementing authentication using local services or external servers like TACACS+ and RADIUS. The document also discusses authenticating router access, configuring AAA on Cisco routers including enabling AAA globally and setting authentication lists, and troubleshooting AAA using debug commands.

Education
1 of 29
AAA Implementation Presenter: Ahmad Ali Al Taweel Doctor: Kasem Ahmad
Outline – Introduction of AAA – Identification of each A – Implementing Authentication – TACACS+ and RADIUS AAA Protocols – Authenticating Router Access – Configuring AAA for Cisco Routers – Troubleshooting AAA on Cisco Routers – Configuring AAA with Cisco SDM – Summary
INTRODUCTION OF AAA  Sometimes referred to as “ triple-A” or just AAA,  A- Authentication  A- Authorization  A- Accounting Represent the big tree in terms of IP based network management & policy administration.
 AUTHENTICATION  Authentication is a process that ensures & confirms a user’s identity.  Authentication begins when a user tries to access information.  The user must prove his access rights & identity.  This login combination, which must be assigned to each user, authenticates access.
 AUTHORIZATION  Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username & password.  The amount of information & the amount of services the user has access to depend on the user’s authorization level.
 ACCOUNTING  Accounting is the process of keeping track of a user’s activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there & the amount of data transferred during the session.  Accounting data is used for trend analysis, capacity planning, billing auditing & cost allocation.
AAA MODEL—NETWORK SECURITY ARCHITECTURE • Authentication – Who are you? – “I am user student and my password validateme proves it.” • Authorization – What can you do? What can you access? – “User student can access host serverXYZ using Telnet.” • Accounting – What did you do? How long did you do it? How often did you do it? – “User student accessed host serverXYZ using Telnet for 15 minutes.”
IMPLEMENTING AUTHENTICATION USING LOCAL SERVICES 1. The client establishes a connection with the router. 2. The router prompts the user for a username and password. 3. The router authenticates the username and password in the local database. The user is authorized to access the network based on information in the local database. Perimeter Router Remote Client 1 2 3
IMPLEMENTING AUTHENTICATION USING EXTERNAL SERVERS 1. The client establishes a connection with the router. 2. The router prompts the user for a username and password. 3. The router passes the username and password to the Cisco Secure ACS (server or engine). 4. The Cisco Secure ACS authenticates the user. The user is authorized to access the router (administrative access) or the network based on information found in the Cisco Secure ACS database. Perimeter Router Remote Client Cisco Secure ACS for Windows Server Cisco Secure ACS Solution Engine 1 2 3 4
TACACS+ AND RADIUS AAA PROTOCOLS • Two different protocols are used to communicate between the AAA security servers and authenticating devices. • Cisco Secure ACS supports both TACACS+ and RADIUS: – TACACS+ remains more secure than RADIUS. – RADIUS has a robust application programming interface and strong accounting. Cisco Secure ACS Firewall Router Network Access Server TACACS+ RADIUS Security Server
Microsoft Windows dial-up networking connection: Username and Password fields Security Server Microsoft Windows Remote PC NAS Username and password (TCP/IP PPP) PSTN or ISDN
PPP , ISDN , PSTN  Point-to-Point Protocol (PPP) is a data link (layer 2) protocol used to establish a direct connection between two nodes. It connects two routers directly without any host or any other networking device in between. It can provide connection authentication,transmission encryption (using E CP, RFC 1968), and compression.  Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video, data.  Public Switched Telephone Network (PSTN) is the world's collection of interconnected voice-oriented public telephone networks.
AUTHENTICATING ROUTER ACCESS Telnet Host LAN Remote LAN Network Access Console Router Remote Router Administrative Access Internet
ROUTER LOCAL AUTHENTICATION CONFIGURATION PROCESS Here are the general steps required to configure a Cisco router for local authentication: • Step 1: Secure access to privileged EXEC mode. • Step 2: Enable AAA globally on the perimeter router with the aaa new-model command. • Step 3: Configure AAA authentication lists. • Step 4: Configure AAA authorization for use after the user has passed authentication. • Step 5: Configure the AAA accounting options for how you want to write accounting records. • Step 6: Verify the configuration.
ENABLE AAA GLOBALLY USING THE AAA NEW-MODEL COMMAND aaa new-model router(config)# router(config)# aaa new-model username username password password router(config)# router(config)# username Joe106 password 1MugOJava • Establishes AAA section in configuration file • Sets username and password aaa authentication login default local • Helps prevent administrative access lockout while configuring AAA router(config)#
AAA AUTHENTICATION COMMANDS • These aaa authentication commands are available in Cisco IOS Releases 12.2 and later. • Each of these commands has its own syntax and options (methods). aaa authentication arap aaa authentication banner aaa authentication enable default aaa authentication fail-message aaa authentication local-override aaa authentication login aaa authentication nasi aaa authentication password-prompt aaa authentication ppp aaa authentication username-prompt router(config)#
AAA authentication Login Command aaa authentication login {default | list-name} method1 [method2...] router(config)# router(config)# aaa authentication login default enable router(config)# aaa authentication login console-in local router(config)# aaa authentication login tty-in line
AAA authentication PPP Command aaa authentication ppp {default | list-name} method1 [method2...] router(config)# router(config)# aaa authen ppp default local router(config)# aaa authen ppp dial-in local none
AAA authentication Enable Default Command aaa authentication enable default method1 [method2...] router(config)# router(config)# aaa authentication enable default group tacacs+ enable none
Apply Authentication Commands to Lines and Interfaces • Authentication commands can be applied to lines or interfaces. router(config)# line console 0 router(config-line)# login authentication console-in router(config)# int s3/0 router(config-if)# ppp authentication chap dial-in Note: It is recommended that you always define a default list for AAA to provide “last resort” authentication on all lines and interfaces protected by AAA.
aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...] router(config)# router(config)# aaa authorization commands 1 alpha local router(config)# aaa authorization commands 15 bravo local router(config)# aaa authorization network charlie local none router(config)# aaa authorization exec delta if-authenticated router(config)# aaa authorization commands 15 default local
AAA ACCOUNTING COMMAND aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf- name] {start-stop | stop-only | none} [broadcast] group groupname router(config)# router(config)# aaa accounting commands 15 default stop-only group tacacs+ router(config)# aaa accounting auth-proxy default start-stop group tacacs+
TROUBLESHOOTING AAA USING DEBUG COMMANDS debug aaa authentication router# • Use this command to help troubleshoot AAA authentication problems debug aaa accounting router# • Use this command to help troubleshoot AAA accounting problems debug aaa authorization router# • Use this command to help troubleshoot AAA authorization problems
router# debug aaa authentication 113123: Feb 4 10:11:19.305 CST: AAA/MEMORY: create_user (0x619C4940) user='' ruser='' port='tty1' rem_addr='async/81560' authen_type=ASCII service=LOGIN priv=1 113124: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): port='tty1' list='' action=LOGIN service=LOGIN 113125: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): using "default" list 113126: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): Method=LOCAL 113127: Feb 4 10:11:19.305 CST: AAA/AUTHEN (2784097690): status = GETUSER 113128: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='(undef)') 113129: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETUSER 113130: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL 113131: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETPASS 113132: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='diallocal') 113133: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = GETPASS 113134: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL 113135: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = PASS
router# debug aaa accounting 16:49:21: AAA/ACCT: EXEC acct start, line 10 16:49:32: AAA/ACCT: Connect start, line 10, glare 16:49:47: AAA/ACCT: Connection acct stop: task_id=70 service=exec port=10 protocol=telnet address=172.31.3.78 cmd=glare bytes_in=308 bytes_out=76 paks_in=45 paks_out=54 elapsed_time=14
CONFIGURING AAA WITH CISCO SDM 1 2 3
THANK YOU

Recommended

Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAAdkaya
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
AAA server
AAA serverAAA server
AAA serverhetvi naik
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Radius vs. Tacacs+
Radius vs. Tacacs+Radius vs. Tacacs+
Radius vs. Tacacs+Netwax Lab
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA ProtocolNetwax Lab
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 

Recommended

Implementing Cisco AAA
Implementing Cisco AAAImplementing Cisco AAA
Implementing Cisco AAAdkaya
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
AAA server
AAA serverAAA server
AAA serverhetvi naik
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Radius vs. Tacacs+
Radius vs. Tacacs+Radius vs. Tacacs+
Radius vs. Tacacs+Netwax Lab
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA ProtocolNetwax Lab
 
X.509 Certificates
X.509 CertificatesX.509 Certificates
X.509 CertificatesSou Jana
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnettingIGZ Software house
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Key management
Key managementKey management
Key managementSujata Regoti
 
TACACS Protocol
TACACS ProtocolTACACS Protocol
TACACS ProtocolNetwax Lab
 
Subnetting
SubnettingSubnetting
Subnettingselvakumar_b1985
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Netcat
NetcatNetcat
Netcatyogendra singh chahar
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardeningn|u - The Open Security Community
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
active and passive attack.pptx
active and passive attack.pptxactive and passive attack.pptx
active and passive attack.pptxmangeshchaurasia2
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
Tacacs
TacacsTacacs
Tacacs1 2d
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocolMohd Arif
 
CCNA_Security_03.ppt
CCNA_Security_03.pptCCNA_Security_03.ppt
CCNA_Security_03.pptveracru1
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 

More Related Content

What's hot

Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
TACACS Protocol
TACACS ProtocolTACACS Protocol
TACACS ProtocolNetwax Lab
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Dr. Kapil Gupta
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Securitykentquirk
 
active and passive attack.pptx
active and passive attack.pptxactive and passive attack.pptx
active and passive attack.pptxmangeshchaurasia2
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
Tacacs
TacacsTacacs
Tacacs1 2d
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocolMohd Arif
 

What's hot (20)

Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Key management
Key managementKey management
Key management
 
TACACS Protocol
TACACS ProtocolTACACS Protocol
TACACS Protocol
 
Subnetting
SubnettingSubnetting
Subnetting
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
 
Netcat
NetcatNetcat
Netcat
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
 
block ciphers
block ciphersblock ciphers
block ciphers
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofing
 
Web Server Hardening
Web Server HardeningWeb Server Hardening
Web Server Hardening
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
active and passive attack.pptx
active and passive attack.pptxactive and passive attack.pptx
active and passive attack.pptx
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
Tacacs
TacacsTacacs
Tacacs
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocol
 

Similar to AAA Implementation Overview

CCNA_Security_03.ppt
CCNA_Security_03.pptCCNA_Security_03.ppt
CCNA_Security_03.pptveracru1
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldapBabaa Naya
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldapBabaa Naya
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAAAhmed Habib
 
Chapter 3 overview
Chapter 3 overviewChapter 3 overview
Chapter 3 overviewali raza
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data planeNetProtocol Xpert
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7Chaing Ravuth
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214Mac An
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and aclSagarR24
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01slavenvvv
 
At8000 s configurando_aaa
At8000 s configurando_aaaAt8000 s configurando_aaa
At8000 s configurando_aaaNetPlus
 
Commissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial NetworksCommissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial NetworksCreekside Marketing Group, LLC
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace securitySagarR24
 
CCNA_Security_02.ppt
CCNA_Security_02.pptCCNA_Security_02.ppt
CCNA_Security_02.pptveracru1
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1milkux
 
Diameter Presentation
Diameter PresentationDiameter Presentation
Diameter PresentationBeny Haddad
 

Similar to AAA Implementation Overview (20)

CCNA_Security_03.ppt
CCNA_Security_03.pptCCNA_Security_03.ppt
CCNA_Security_03.ppt
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldap
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldap
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAA
 
Chapter 3 overview
Chapter 3 overviewChapter 3 overview
Chapter 3 overview
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and acl
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01
 
At8000 s configurando_aaa
At8000 s configurando_aaaAt8000 s configurando_aaa
At8000 s configurando_aaa
 
Commissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial NetworksCommissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial Networks
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace security
 
CCNA_Security_02.ppt
CCNA_Security_02.pptCCNA_Security_02.ppt
CCNA_Security_02.ppt
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1
 
Iuwne10 S02 L02
Iuwne10 S02 L02Iuwne10 S02 L02
Iuwne10 S02 L02
 
Diameter Presentation
Diameter PresentationDiameter Presentation
Diameter Presentation
 

More from Ahmad El Tawil

Force sensors presentation
Force sensors presentationForce sensors presentation
Force sensors presentationAhmad El Tawil
 
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...Ahmad El Tawil
 
Map reduce presentation
Map reduce presentationMap reduce presentation
Map reduce presentationAhmad El Tawil
 
Map reduce advantages over parallel databases report
Map reduce advantages over parallel databases reportMap reduce advantages over parallel databases report
Map reduce advantages over parallel databases reportAhmad El Tawil
 
Map reduce advantages over parallel databases
Map reduce advantages over parallel databases Map reduce advantages over parallel databases
Map reduce advantages over parallel databases Ahmad El Tawil
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment reportAhmad El Tawil
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment Ahmad El Tawil
 
Piper Alpha Disaster Report
Piper Alpha Disaster ReportPiper Alpha Disaster Report
Piper Alpha Disaster ReportAhmad El Tawil
 
Fruit detection using morphological
Fruit detection using morphological Fruit detection using morphological
Fruit detection using morphological Ahmad El Tawil
 
Cloud computing risk assesment presentation
Cloud computing risk assesment presentationCloud computing risk assesment presentation
Cloud computing risk assesment presentationAhmad El Tawil
 
Bhopal Disaster Presentation
Bhopal Disaster PresentationBhopal Disaster Presentation
Bhopal Disaster PresentationAhmad El Tawil
 
Security algorithms for manet
Security algorithms for manetSecurity algorithms for manet
Security algorithms for manetAhmad El Tawil
 
5G green communication
5G green communication5G green communication
5G green communicationAhmad El Tawil
 
A survey of ethical hacking process and security
A survey of ethical hacking process and securityA survey of ethical hacking process and security
A survey of ethical hacking process and securityAhmad El Tawil
 
Cybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyCybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyAhmad El Tawil
 

More from Ahmad El Tawil (18)

Force sensors presentation
Force sensors presentationForce sensors presentation
Force sensors presentation
 
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
 
Map reduce presentation
Map reduce presentationMap reduce presentation
Map reduce presentation
 
Map reduce advantages over parallel databases report
Map reduce advantages over parallel databases reportMap reduce advantages over parallel databases report
Map reduce advantages over parallel databases report
 
Map reduce advantages over parallel databases
Map reduce advantages over parallel databases Map reduce advantages over parallel databases
Map reduce advantages over parallel databases
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment report
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment
 
Piper Alpha Disaster Report
Piper Alpha Disaster ReportPiper Alpha Disaster Report
Piper Alpha Disaster Report
 
Fruit detection using morphological
Fruit detection using morphological Fruit detection using morphological
Fruit detection using morphological
 
Piper Alpha Disaster
Piper Alpha DisasterPiper Alpha Disaster
Piper Alpha Disaster
 
Cloud computing risk assesment presentation
Cloud computing risk assesment presentationCloud computing risk assesment presentation
Cloud computing risk assesment presentation
 
Bhopal Disaster Presentation
Bhopal Disaster PresentationBhopal Disaster Presentation
Bhopal Disaster Presentation
 
Security algorithms for manet
Security algorithms for manetSecurity algorithms for manet
Security algorithms for manet
 
Bayesian network
Bayesian networkBayesian network
Bayesian network
 
5G green communication
5G green communication5G green communication
5G green communication
 
A survey of ethical hacking process and security
A survey of ethical hacking process and securityA survey of ethical hacking process and security
A survey of ethical hacking process and security
 
E-DHCP
E-DHCPE-DHCP
E-DHCP
 
Cybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyCybercriminals focus on Cryptocurrency
Cybercriminals focus on Cryptocurrency
 

Recently uploaded

ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 

Recently uploaded (20)

ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 

AAA Implementation Overview

  • 1. AAA Implementation Presenter: Ahmad Ali Al Taweel Doctor: Kasem Ahmad
  • 2. Outline – Introduction of AAA – Identification of each A – Implementing Authentication – TACACS+ and RADIUS AAA Protocols – Authenticating Router Access – Configuring AAA for Cisco Routers – Troubleshooting AAA on Cisco Routers – Configuring AAA with Cisco SDM – Summary
  • 3. INTRODUCTION OF AAA  Sometimes referred to as “ triple-A” or just AAA,  A- Authentication  A- Authorization  A- Accounting Represent the big tree in terms of IP based network management & policy administration.
  • 4.  AUTHENTICATION  Authentication is a process that ensures & confirms a user’s identity.  Authentication begins when a user tries to access information.  The user must prove his access rights & identity.  This login combination, which must be assigned to each user, authenticates access.
  • 5.  AUTHORIZATION  Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username & password.  The amount of information & the amount of services the user has access to depend on the user’s authorization level.
  • 6.  ACCOUNTING  Accounting is the process of keeping track of a user’s activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there & the amount of data transferred during the session.  Accounting data is used for trend analysis, capacity planning, billing auditing & cost allocation.
  • 7. AAA MODEL—NETWORK SECURITY ARCHITECTURE • Authentication – Who are you? – “I am user student and my password validateme proves it.” • Authorization – What can you do? What can you access? – “User student can access host serverXYZ using Telnet.” • Accounting – What did you do? How long did you do it? How often did you do it? – “User student accessed host serverXYZ using Telnet for 15 minutes.”
  • 8. IMPLEMENTING AUTHENTICATION USING LOCAL SERVICES 1. The client establishes a connection with the router. 2. The router prompts the user for a username and password. 3. The router authenticates the username and password in the local database. The user is authorized to access the network based on information in the local database. Perimeter Router Remote Client 1 2 3
  • 9. IMPLEMENTING AUTHENTICATION USING EXTERNAL SERVERS 1. The client establishes a connection with the router. 2. The router prompts the user for a username and password. 3. The router passes the username and password to the Cisco Secure ACS (server or engine). 4. The Cisco Secure ACS authenticates the user. The user is authorized to access the router (administrative access) or the network based on information found in the Cisco Secure ACS database. Perimeter Router Remote Client Cisco Secure ACS for Windows Server Cisco Secure ACS Solution Engine 1 2 3 4
  • 10. TACACS+ AND RADIUS AAA PROTOCOLS • Two different protocols are used to communicate between the AAA security servers and authenticating devices. • Cisco Secure ACS supports both TACACS+ and RADIUS: – TACACS+ remains more secure than RADIUS. – RADIUS has a robust application programming interface and strong accounting. Cisco Secure ACS Firewall Router Network Access Server TACACS+ RADIUS Security Server
  • 11.
  • 12. Microsoft Windows dial-up networking connection: Username and Password fields Security Server Microsoft Windows Remote PC NAS Username and password (TCP/IP PPP) PSTN or ISDN
  • 13. PPP , ISDN , PSTN  Point-to-Point Protocol (PPP) is a data link (layer 2) protocol used to establish a direct connection between two nodes. It connects two routers directly without any host or any other networking device in between. It can provide connection authentication,transmission encryption (using E CP, RFC 1968), and compression.  Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video, data.  Public Switched Telephone Network (PSTN) is the world's collection of interconnected voice-oriented public telephone networks.
  • 14. AUTHENTICATING ROUTER ACCESS Telnet Host LAN Remote LAN Network Access Console Router Remote Router Administrative Access Internet
  • 15. ROUTER LOCAL AUTHENTICATION CONFIGURATION PROCESS Here are the general steps required to configure a Cisco router for local authentication: • Step 1: Secure access to privileged EXEC mode. • Step 2: Enable AAA globally on the perimeter router with the aaa new-model command. • Step 3: Configure AAA authentication lists. • Step 4: Configure AAA authorization for use after the user has passed authentication. • Step 5: Configure the AAA accounting options for how you want to write accounting records. • Step 6: Verify the configuration.
  • 16. ENABLE AAA GLOBALLY USING THE AAA NEW-MODEL COMMAND aaa new-model router(config)# router(config)# aaa new-model username username password password router(config)# router(config)# username Joe106 password 1MugOJava • Establishes AAA section in configuration file • Sets username and password aaa authentication login default local • Helps prevent administrative access lockout while configuring AAA router(config)#
  • 17. AAA AUTHENTICATION COMMANDS • These aaa authentication commands are available in Cisco IOS Releases 12.2 and later. • Each of these commands has its own syntax and options (methods). aaa authentication arap aaa authentication banner aaa authentication enable default aaa authentication fail-message aaa authentication local-override aaa authentication login aaa authentication nasi aaa authentication password-prompt aaa authentication ppp aaa authentication username-prompt router(config)#
  • 18. AAA authentication Login Command aaa authentication login {default | list-name} method1 [method2...] router(config)# router(config)# aaa authentication login default enable router(config)# aaa authentication login console-in local router(config)# aaa authentication login tty-in line
  • 19. AAA authentication PPP Command aaa authentication ppp {default | list-name} method1 [method2...] router(config)# router(config)# aaa authen ppp default local router(config)# aaa authen ppp dial-in local none
  • 20. AAA authentication Enable Default Command aaa authentication enable default method1 [method2...] router(config)# router(config)# aaa authentication enable default group tacacs+ enable none
  • 21. Apply Authentication Commands to Lines and Interfaces • Authentication commands can be applied to lines or interfaces. router(config)# line console 0 router(config-line)# login authentication console-in router(config)# int s3/0 router(config-if)# ppp authentication chap dial-in Note: It is recommended that you always define a default list for AAA to provide “last resort” authentication on all lines and interfaces protected by AAA.
  • 22. aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...] router(config)# router(config)# aaa authorization commands 1 alpha local router(config)# aaa authorization commands 15 bravo local router(config)# aaa authorization network charlie local none router(config)# aaa authorization exec delta if-authenticated router(config)# aaa authorization commands 15 default local
  • 23. AAA ACCOUNTING COMMAND aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf- name] {start-stop | stop-only | none} [broadcast] group groupname router(config)# router(config)# aaa accounting commands 15 default stop-only group tacacs+ router(config)# aaa accounting auth-proxy default start-stop group tacacs+
  • 24. TROUBLESHOOTING AAA USING DEBUG COMMANDS debug aaa authentication router# • Use this command to help troubleshoot AAA authentication problems debug aaa accounting router# • Use this command to help troubleshoot AAA accounting problems debug aaa authorization router# • Use this command to help troubleshoot AAA authorization problems
  • 25. router# debug aaa authentication 113123: Feb 4 10:11:19.305 CST: AAA/MEMORY: create_user (0x619C4940) user='' ruser='' port='tty1' rem_addr='async/81560' authen_type=ASCII service=LOGIN priv=1 113124: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): port='tty1' list='' action=LOGIN service=LOGIN 113125: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): using "default" list 113126: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): Method=LOCAL 113127: Feb 4 10:11:19.305 CST: AAA/AUTHEN (2784097690): status = GETUSER 113128: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='(undef)') 113129: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETUSER 113130: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL 113131: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETPASS 113132: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='diallocal') 113133: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = GETPASS 113134: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL 113135: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = PASS
  • 26. router# debug aaa accounting 16:49:21: AAA/ACCT: EXEC acct start, line 10 16:49:32: AAA/ACCT: Connect start, line 10, glare 16:49:47: AAA/ACCT: Connection acct stop: task_id=70 service=exec port=10 protocol=telnet address=172.31.3.78 cmd=glare bytes_in=308 bytes_out=76 paks_in=45 paks_out=54 elapsed_time=14
  • 27. CONFIGURING AAA WITH CISCO SDM 1 2 3
  • 28.