Router Access Modes
You can use AAA in either character mode or packet mode. Character mode
is used when logging in to the CLI on the router via a vty or tty line, the
AUX port, or the console port. Packet mode is used when authenticating a
user on a dialup or serial interface (for example, a PPP-authenticated ISDN
dialup session).
Configuring AAA
Example 5-11 shows how to configure communications with the AAA security
server using TACACS+. In this example, the TACACS+ server is located
at 10.2.2.2 and is configured to use a single TCP socket for all connections,
rather than a separate socket for each. This saves processing resources on
both the router and server. The server must also be configured with the key
T@C_key1.
Example 5-11 Configuring a TACACS+ Server
R2(config)#aaa new-model
R2(config)#tacacs-server host 10.2.2.2 single-connection
R2(config)#tacacs-server key T@C_key1
Example 5-12 shows how to configure communications with the AAA security
server using RADIUS: