This chapter is from the book
Using All AAA Services Simultaneously
It is possible, and sometimes desirable, to incorporate authentication, authorization, and accounting simultaneously on a router. This is actually easier than it sounds. The following is a configuration that combines all three parts of AAA using exactly the examples from the previous sections. All that is needed to run them at the same time is for the administrator to enter the appropriate configuration lines. Some commands, such as the aaa new-model, only needs to be entered once:
aaa new-model !Set up for AAA tacacs-server host 172.30.1.50 !The TACACS+ server is at 172.30.1.50 tacacs-server key mysecretkey !Use the encrypted keys aaa authentication login default tacacs+ !Set the default authentication to TACACS+ aaa authentication ppp branch-office-users tacacs+ login !Sets authentication for PPP to first use TACACS+ if the server !is available and then look at the local database aaa authentication login administrative none !Used to ensure the administrator has access aaa accounting exec start-stop tacacs+ !Start accounting whenever an exec command is issued interface serial 2 !Go to the interface ppp authentication chap pap if-needed branch-office-users callin !Enable authentication on the S2 interface aaa authorization network tacacs+ !Start authorization for network services line con 0 login authentication administrative !Make sure the administrator can get into the console