background image
AAA Configuration 379
·
tacas+--This method says to use the TACACS server declared by the tacacs-server host
ip-address statement on the router.
·
guest--This method says to allow a login if the username is guest. This option is only
valid using ARAP.
·
auth-guest--This method says to allow the guest login only if the user has already logged
into the EXEC process on the router and has now started the ARAP process.
It should be noted that by default, guest logins through ARAP are disabled when you initialize
AAA. The aaa authentication arap command with either the guest or auth-guest keyword is
required for guest access when using AAA.
AAA Authentication PPP
The aaa authentication ppp command is used in conjunction with the ppp authentication line
configuration command to describe the methods that are tried when point-to-point (PPP) users
attempt to gain access to the router. Example 12-3 shows this configuration.
The same type of syntax is used throughout all AAA commands. With the ppp command, set
the interface command is ppp authentication option(s), where the options are the standard
non-AAA options of pap, chap, pap chap, chap pap, or ms-chap. In addition, the AAA
command methods can be used. In the previous example, the authentication is first TACACS+
and then local username/password pairs if TACACS+ is unavailable or returns an error.
The following list describes each of the methods for authentication using AAA for PPP. You
should memorize this for the exam.
·
local--This method says to use the username yyyy password xxxx pairs that are on the
router for authentication.
·
none--This method says to not use an authentication method.
·
tacacs+--This method says to use the TACACS server declared by the tacacs-server host
ip-address statement on the router.
·
radius--This method says to use the RADIUS server declared by the radius-server host
ip-address statement on the router.
Example 12-3
Declaring AAA Authentication with PPP
Router(config)#aaa authentication ppp pppfolk tacacs+ local
Router(config)#line 1 12
Router(config-line)#ppp authentication pppfolk