Tuesday, 22 May 2012

HOW TO DO SSH AND ACS 5.2 IN CISCO SWITCHES

HOW TO DO SSH AND ACS 5.2 AUTHENTICATION IN CISCO SWITCHES


Step-by-Step:

1) First, enable AAA with aaa new-model:

(Config)#aaa new-model

2) Then configure either TACACS+ or RADIUS as your authentication server. In my case I will be using RADIUS.

(Config)#radius-server host X.X.X.X (your RADIUS server IP)

3) After this, set the shared key used for authentication between the switch and the RADIUS server, ACS 5.2:

radius-server host 10.241.10.100 key cisco

4) Then, in ACS 5.2, go to Network Devices.
-> then Network Devices and AAA Client
-> Click Create
-> Host name of the switch
-> IP address of the switch
-> Under RADIUS, enter the shared key

These settings are compulsory; there are also a few optional ones that you can configure if you want.

5) Now test from the switch whether it can authenticate against ACS 5.2:

test aaa group radius Username Password legacy

6) Now enter the authentication command:

aaa authentication login default group radius local none

7) For SSH, use these two commands:

ip domain-name xxx.xx
crypto key generate rsa

8) Now configure the VTY lines:

(Config)#line vty 0 15
(Config-line)#password XXXX
(Config-line)#transport input ssh
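
The following is an added example, not part of the original post: a small Python audit of the configuration these steps produce. It flags the trailing `none` in the login method list (once every earlier method has returned an error, for example RADIUS not responding and no local user defined, the login is accepted without authentication), a `local` method with no `username` configured, a short RADIUS shared key, and VTY lines that accept anything other than SSH. The function name, finding codes, `MIN_KEY_LEN` and the `HARDENED_CONFIG` values are assumptions made for illustration.

```python
import re

# Config assembled from this page's steps (values are the page's own placeholders).
PAGE_CONFIG = """\
aaa new-model
radius-server host 10.241.10.100 key cisco
aaa authentication login default group radius local none
ip domain-name xxx.xx
line vty 0 15
 password XXXX
 transport input ssh
"""

# Constructed variant (assumption): local fallback account, no "none", longer key.
HARDENED_CONFIG = """\
aaa new-model
username fallback-admin secret CONSTRUCTED-PLACEHOLDER
radius-server host 10.241.10.100 key constructed-sample-key-4f9a2c71
aaa authentication login default group radius local
ip domain-name xxx.xx
line vty 0 15
 transport input ssh
"""

MIN_KEY_LEN = 16  # assumed local policy, not a Cisco limit


def audit(config):
    """Return finding codes for an IOS configuration given as text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    has_local_user = any(ln.startswith("username ") for ln in lines)
    findings = []
    for ln in lines:
        m = re.match(r"aaa authentication login \S+ (.+)", ln)
        if m:
            methods = m.group(1).split()
            # Trailing "none": if every earlier method errors out, login is accepted.
            if methods[-1] == "none":
                findings.append("login-falls-through-to-none")
            # "local" with no username defined cannot authenticate anyone.
            if "local" in methods and not has_local_user:
                findings.append("local-method-without-local-user")
        m = re.match(r"radius-server host \S+ .*\bkey (\S+)$", ln)
        if m and len(m.group(1)) < MIN_KEY_LEN:
            findings.append("short-radius-shared-key")
        m = re.match(r"transport input (.+)", ln)
        if m and m.group(1).split() != ["ssh"]:
            findings.append("vty-allows-non-ssh")
    return findings
```

Calling `audit(PAGE_CONFIG)` reports the first three findings, and `audit(HARDENED_CONFIG)` returns an empty list. The key-length check only applies to a plain-text key as written on this page.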





