Thanks for reply
I will explain my last question
imagine we have enable command authorization and authentication with AAA
tacacs server.
After the user is authenticated , the server becomes unresponsive . will
the user session be disconnected .? As for every command the user executes
, router waits for an acknowledgment form the server ..
On Mon, Feb 14, 2011 at 1:27 AM, TED <ccie.security.nigeria_at_gmail.com>wrote:
> 4. a. the user will be granted exec priviledges once correct username
> and password is entered at the first user login.
>
>
> On 2/13/11, TED <ccie.security.nigeria_at_gmail.com> wrote:
> > Hi Ali
> >
> > 1. If the Tacac+ authentication process cant be achieved for some
> > reason (unreachable or unusable) then no authentication will be used.
> > 2. If the Tacac+ authentication process cant be achieved for some
> > reason (unreachable or unusable) then the enable password will be
> > used.
> > 3. Privillege 15.
> > 4.a, With this approach, the user will be granted Privilege Level 15
> > once correct username and password is entered at the first user login.
> > b, i dont understand you.
> >
> >
> >
> >
> > On 2/13/11, imran ali <immrccie_at_gmail.com> wrote:
> >> Hi group ,
> >>
> >> help me with the following aaa commands
> >>
> >> 1)aaa authentication login default group tacacs+ none
> >>
> >> does it means if my tacacs server fails , the user will be authorized
> >> immediately (no authorization done ) as the next method list is "none"
> >>
> >> 2) aaa authentication enable default group tacacs+ enable
> >>
> >> does this means if tacacs server is unavailable or fails to respond
> >> locally
> >> stored enable password will be used
> >>
> >> 3) if i issue this command " username admin password cisco " what will
> >> be
> >> the privilege assigned to it .(by default)
> >>
> >> 4) aaa authorization exec default group tacacs+ if-authenticated
> >> a) plz explain what this do in general
> >>
> >> b) what happens if authentication is successful with tacacs server
> and
> >> i
> >> have implemented command authorization to authorize all commands entered
> >> .
> >> now imagine server goes down. will authorization be allowed or user will
> >> be
> >> locked ?
> >>
> >> i hope i m clear in asking
> >>
> >>
> >> Thanks
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Feb 14 2011 - 08:26:13 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART