Configuring Local User Authentication via AAA Tutorial

### Configuring Local User Authentication via AAA

This tutorial will guide you through the steps to configure Local User Authentication using the Authentication, Authorization, and Accounting (AAA) framework on a Cisco router or switch. AAA is a powerful tool that helps in managing user access to network devices.

#### Prerequisites
- Access to a Cisco device (router or switch).
- Basic understanding of CLI (Command-Line Interface) commands.
- Ensure that you have the necessary privileges to make configuration changes.

### Step 1: Access the Device

First, connect to your device using a terminal emulator (like PuTTY, Tera Term, etc.) and enter privileged EXEC mode.

```plaintext
Router> enable
Router#
```

### Step 2: Enter Global Configuration Mode

From privileged EXEC mode, enter global configuration mode.

```plaintext
Router# configure terminal
Router(config)#
```

### Step 3: Enable AAA

Before configuring local user authentication, you must enable the AAA framework on your device.

```plaintext
Router(config)# aaa new-model
```

### Step 4: Create Local Users

You will need to create local user accounts that will be used for authentication. Use the `username` command to define a new user and assign a password.

```plaintext
Router(config)# username admin privilege 15 secret AdminPassword
Router(config)# username user1 privilege 1 secret User1Password
Router(config)# username user2 privilege 1 secret User2Password
```

In the above commands:
- `admin` is a user with the highest privilege level (15).
- `user1` and `user2` are standard users with a lower privilege level (1).
- The `secret` keyword stores the password in the configuration as a one-way hash rather than in cleartext.

### Step 5: Configure Authentication Method

To use local user accounts for authentication, you need to configure an authentication method list. In this case, we will create a method list that uses local authentication.

```plaintext
Router(config)# aaa authentication login default local
```

This command specifies that the default login authentication method is local, which means it will check the local user database for credentials.

### Step 6: Apply AAA Authentication to Console and VTY Lines

To enforce the AAA authentication you configured, apply it to the console and VTY (Virtual Terminal) lines.

#### Configure Console Line

```plaintext
Router(config)# line con 0
Router(config-line)# login authentication default
Router(config-line)# exit
```

#### Configure VTY Lines

```plaintext
Router(config)# line vty 0 4
Router(config-line)# login authentication default
Router(config-line)# exit
```

The VTY lines are used for remote access (SSH or Telnet), and we are applying the same authentication method to them.

### Step 7: Save the Configuration

To ensure your changes are not lost after a reboot, save the configuration.

```plaintext
Router(config)# end
Router# write memory
```

or 

```plaintext
Router# copy running-config startup-config
```

### Step 8: Testing the Configuration

Now that you have configured local user authentication via AAA, it’s time to test it.

1. **Access the Console**: If you are connected via the console, you should be prompted for the username and password.

   ```plaintext
   Username: admin
   Password: AdminPassword
   ```

2. **Access via VTY (SSH/Telnet)**: If accessing remotely, initiate a connection (e.g., using an SSH client) and provide the username and password.

3. **Verify Privileges**: After logging in, you can verify your privilege level using the `show privilege` command.

   ```plaintext
   Router# show privilege
   ```

### Step 9: Troubleshooting

If you encounter issues:

- Ensure that AAA is enabled by checking with:

  ```plaintext
  Router# show running-config | include aaa
  ```

- Check your user configurations with:

  ```plaintext
  Router# show running-config | include username
  ```

- Confirm line configurations for console and VTY lines:

  ```plaintext
  Router# show running-config | section line
  ```
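
The three checks above can also be run offline against a saved copy of the running configuration. The script below is an added example, not part of the original tutorial: the function name `audit_local_aaa`, the sample configuration, and the named list `MGMT` are constructed for illustration. It goes slightly beyond the steps above by also flagging users defined with `password` instead of `secret` and lines that reference a login method list that was never defined.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
username admin privilege 15 secret 9 $9$CONSTRUCTED.HASH
username user1 privilege 1 password 7 0000CONSTRUCTED
line con 0
line vty 0 4
 login authentication MGMT
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege \d+)? (password|secret)\b")
LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")


def audit_local_aaa(config):
    """Return findings for the local-AAA setup this tutorial configures."""
    findings, lists, users, line_refs = [], {}, {}, {}
    current_line = None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends any line block
            current_line = text if text.startswith("line ") else None
        elif current_line and text.startswith("login authentication "):
            line_refs[current_line] = text.split()[2]
        if m := LIST_RE.match(text):
            lists[m.group(1)] = m.group(2).split()
        if m := USER_RE.match(text):
            users[m.group(1)] = m.group(2)
    if "aaa new-model" not in [l.strip() for l in config.splitlines()]:
        findings.append("aaa new-model is not enabled")
    if "local" not in lists.get("default", []):
        findings.append("default login list does not include local")
    if not users:
        findings.append("no local users defined")
    for name, kind in users.items():
        if kind == "password":  # Step 4 uses 'secret' so the value is hashed
            findings.append(f"user {name} uses 'password' instead of 'secret'")
    # A line with no explicit 'login authentication' uses the default list,
    # so only explicit references to an undefined list are reported.
    for line, ref in line_refs.items():
        if ref not in lists:
            findings.append(f"{line} references undefined login list {ref}")
    return findings


if __name__ == "__main__":
    for finding in audit_local_aaa(SAMPLE_CONFIG):
        print(finding)
```
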

### Conclusion

By following these steps, you have successfully configured local user authentication via AAA on your Cisco device. This setup enhances the security of your device by controlling user access and leveraging the AAA framework. Always remember to keep user accounts and passwords secure, and regularly review your configurations.

About the Author

I'm Aevon...Just a gal with an insane passion for all things cybersecurity. 17 years in the industry and still love what I'm doing.
