PIX的AAA认证配置
#vir telnet 10.1.1.1 (一般使用global地址) #access-list auth permit tcp any any eq http #access-list auth permit tcp any any eq telnet //http和telnet协议捆绑抓流量 #aaa-server 3a protocol tacacst+ #aaa-server 3a host 20.1.1.241 //20.1.1.241
#vir telnet 10.1.1.1 (一般使用global地址)
#access-list auth permit tcp any any eq http
#access-list auth permit tcp any any eq telnet //http和telnet协议捆绑抓流量
#aaa-server 3a protocol tacacst+
#aaa-server 3a host 20.1.1.241 //20.1.1.241是aaa服务器
#key cisco
#exit
#test aaa-server authentication 3a host 20.1.1.241 username pixaaa password cisco //验证3a上的用户名和密码
#aaa authentication auth inside 3a //调用"auth"流量做3a验证
#show uauth
授权:
#access-list auth permit icmp any any
#aaa authorization match auth inside 3a //抓取"auth"这个acl做授权
查看原文:http://www.laogebo.com/archives/335.html
老胳膊BLOG
上一篇: 124. 二叉树中的最大路径和