Ensure 'TACACS+/RADIUS' is configured correctly - protocol


Specifies the AAA server-group and each individual server using the TACACS+ or RADIUS protocol.


Authentication, authorization and accounting (AAA) schemes provide an authoritative source for managing and monitoring access for devices. Many protocols are supported for communication between the systems and the AAA servers: http-form, kerberos, ldap, nt, radius, sdi, tacacs+.


Step 1: Acquire the enterprise standard protocol (protocol_name) for authentication (TACACS+ or RADIUS).

Step 2: Run the following to configure the AAA server-group for the required protocol:

hostname(config)#aaa-server <server-group_name> protocol <protocol_name>

Step 3: Run the following to configure the AAA server:

hostname(config)#aaa-server <server-group_name> (<interface_name>) host <aaa-server_ip> <shared_key>

server-group_name: the server-group configured above
interface_name: the network interface from which the AAA server will be accessed
aaa-server_ip: the IP address of the AAA server
shared_key: the TACACS+ or RADIUS shared key
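
One way to verify the result of Steps 2 and 3 from a saved configuration, as an added example that is not part of the original audit item or the vendor's tooling. It assumes the configuration text contains the two aaa-server commands in the form shown above; the function name audit_aaa, the group names and the addresses are hypothetical.

```python
import re

# Protocols this audit item accepts (from the page: TACACS+ or RADIUS).
ALLOWED = {"tacacs+", "radius"}
GROUP_RE = re.compile(r"^aaa-server\s+(\S+)\s+protocol\s+(\S+)\s*$", re.I)
HOST_RE = re.compile(r"^aaa-server\s+(\S+)\s+\(([^)]+)\)\s+host\s+(\S+)", re.I)

def audit_aaa(config_text, required_protocol):
    """Return a list of findings; an empty list means the item passes."""
    required = required_protocol.lower()
    if required not in ALLOWED:
        raise ValueError("required_protocol must be tacacs+ or radius")
    groups = {}  # server-group name -> configured protocol
    hosts = {}   # server-group name -> [(interface, ip), ...]
    for raw in config_text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = m.group(2).lower()
            continue
        m = HOST_RE.match(line)
        if m:
            hosts.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings = []
    matching = [g for g, p in groups.items() if p == required]
    if not matching:
        findings.append(f"no aaa-server group uses protocol {required}")
    for g in matching:
        # A group with the right protocol but no server is still unusable.
        if not hosts.get(g):
            findings.append(f"group {g} has no host configured")
    for g in hosts:
        # A host line must refer to a group defined with a protocol line.
        if g not in groups:
            findings.append(f"host references undefined group {g}")
    return findings

# Constructed sample configurations (not taken from a real device).
GOOD = """\
aaa-server CORP-AAA protocol tacacs+
aaa-server CORP-AAA (mgmt) host 192.0.2.10
"""
BAD = """\
aaa-server CORP-AAA protocol ldap
aaa-server OTHER (mgmt) host 192.0.2.11
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_aaa(cfg, "tacacs+"))
```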

Default Value:

The AAA server configuration is disabled by default.

Item Details


References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Cisco

Control ID: 2ada08c062629e9a92ea2d5be446fac5396be06154ea1bbb644e6128e60584e2