139
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
Configuring VPN
Enable Policy Lookup
To enable policy lookup through AAA, follow these steps, beginning in global configuration mode.
SUMMARY STEPS
1. aaa new-model
2. aaa authentication login {default | list-name} method1 [method2...]
3. aaa authorization {network | exec | commands level | reverse-access | configuration} {default |
list-name} [method1 [method2...]]
4. username name {nopassword | password password | password encryption-type
encrypted-password}
DETAILED STEPS
Command or Action Purpose
Step 1
aaa new-model
Example:
Router(config)# aaa new-model
Router(config)#
Enables the AAA access control model.
Step 2
aaa authentication login {default | list-name}
method1 [method2...]
Example:
Router(config)# aaa authentication login
rtr-remote local
Router(config)#
Specifies AAA authentication of selected users at
login, and specifies the method used.
This example uses a local authentication database.
You could also use a RADIUS server for this. For
details, see Cisco IOS Security Configuration
Guide: Securing User Services, Release 2.4T and
Cisco IOS Security Command Reference.
Step 3
aaa authorization {network | exec | commands
level | reverse-access | configuration} {default |
list-name} [method1 [method2...]]
Example:
Router(config)# aaa authorization network
rtr-remote local
Router(config)#
Specifies AAA authorization of all
network-related service requests, including PPP,
and specifies the method of authorization.
This example uses a local authorization database.
You could also use a RADIUS server for this. For
details, see Cisco IOS Security Configuration
Guide: Securing User Services, Release 2.4T and
Cisco IOS Security Command Reference.
Step 4
username name {nopassword | password
password | password encryption-type
encrypted-password}
Example:
Router(config)# username username1 password
0 password1
Router(config)#
Establishes a username-based authentication
system.
This example implements a username of
username1 with an encrypted password of
password1.