Chapter 11
Configuring AAA Servers and the Local Database
Identifying AAA Server Groups and Servers

Table 11-2    Host Mode Commands, Server Types, and Defaults

Command                     Applicable AAA Server Types    Default Value
accounting-port             RADIUS                         1646
authentication-port         RADIUS                         1645
kerberos-realm              Kerberos                       —
key                         RADIUS                         —
                            TACACS+                        —
ldap-base-dn                LDAP                           —
ldap-login-dn               LDAP                           —
ldap-login-password         LDAP                           —
ldap-naming-attribute       LDAP                           —
ldap-scope                  LDAP                           —
nt-auth-domain-controller   NT                             —
radius-common-pw            RADIUS                         —
retry-interval              Kerberos                       10 seconds
                            RADIUS                         10 seconds
sdi-pre-5-slave             SDI                            —
sdi-version                 SDI                            sdi-5
server-port                 Kerberos                       88
                            LDAP                           389
                            NT                             139
                            SDI                            5500
                            TACACS+                        49
timeout                     All                            10 seconds

For example, to add one TACACS+ group with one primary and one backup server, one RADIUS group
with a single server, and an NT domain server, enter the following commands:
hostname(config)# aaa-server AuthInbound protocol tacacs+
hostname(config-aaa-server-group)# max-failed-attempts 2
hostname(config-aaa-server-group)# reactivation-mode depletion deadtime 20
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)# key TACPlusUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server AuthInbound (inside) host 10.1.1.2
hostname(config-aaa-server-host)# key TACPlusUauthKey2
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server AuthOutbound protocol radius
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server AuthOutbound (inside) host 10.1.1.3
hostname(config-aaa-server-host)# key RadUauthKey
hostname(config-aaa-server-host)# exit
hostname(config)# aaa-server NTAuth protocol nt
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
11-11
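As an added example (not from the guide), a small Python audit of aaa-server configuration like the one above: it parses the group and host lines into group-mode and host-mode settings, then flags groups with no backup server and RADIUS/TACACS+ hosts that have no key (the server types the host-mode key command applies to in Table 11-2). The input is constructed from the guide's example with the key for 10.1.1.3 deliberately left out; parse_aaa_servers and audit are names chosen here.

```python
import re
# Constructed sample based on the guide's example; the key for RADIUS host
# 10.1.1.3 is deliberately omitted so the audit has something to report.
SAMPLE_CONFIG = """\
aaa-server AuthInbound protocol tacacs+
 max-failed-attempts 2
 reactivation-mode depletion deadtime 20
aaa-server AuthInbound (inside) host 10.1.1.1
 key TACPlusUauthKey
aaa-server AuthInbound (inside) host 10.1.1.2
 key TACPlusUauthKey2
aaa-server AuthOutbound protocol radius
aaa-server AuthOutbound (inside) host 10.1.1.3
aaa-server NTAuth protocol nt
"""
# Server types whose host-mode "key" command applies (Table 11-2).
KEYED_PROTOCOLS = {"radius", "tacacs+"}

def parse_aaa_servers(config):
    """Return {group: {"protocol", "settings", "hosts": {ip: {cmd: args}}}}."""
    groups, target = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa-server (\S+) protocol (\S+)$", line)
        if m:  # group-mode: following indented lines are group settings
            grp = groups.setdefault(m[1], {"protocol": None, "settings": {}, "hosts": {}})
            grp["protocol"], target = m[2], grp["settings"]
            continue
        m = re.match(r"aaa-server (\S+) \((\S+)\) host (\S+)$", line)
        if m:  # host-mode: following indented lines belong to this server
            grp = groups.setdefault(m[1], {"protocol": None, "settings": {}, "hosts": {}})
            target = grp["hosts"].setdefault(m[3], {"interface": m[2]})
            continue
        if target is not None and line:
            cmd, _, args = line.partition(" ")
            target[cmd] = args
    return groups

def audit(groups):
    """Flag groups without a backup server and keyed protocols missing a key."""
    findings = []
    for name, grp in groups.items():
        if not grp["hosts"]:
            findings.append(f"{name}: no servers defined")
        elif len(grp["hosts"]) < 2:
            findings.append(f"{name}: single server, no backup")
        for ip, cmds in grp["hosts"].items():
            if grp["protocol"] in KEYED_PROTOCOLS and "key" not in cmds:
                findings.append(f"{name}/{ip}: {grp['protocol']} host without a key")
    return findings
```

Run audit(parse_aaa_servers(text)) over a saved running-config to list the findings; the NTAuth group appears as having no servers because its host lines are not part of the sample.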