Implement local authentication and authorization for Cisco routers 1. overview: in small-and medium-sized networks, network administrators in the network center often need to authorize the administrator of a remote site to a certain extent, rather than asking the site administrator to use all the router privilege ports, this article provides a simple analysis and discussion of the above issues. 2. local router authentication and authorization cisco routers support centralized AAA (authentication/authorization/accounting) functions, but a cisco ACS (Access Control Server) needs to be deployed. If the number of network devices is small, you can use the local authentication and authorization functions of the cisco router for authentication and authorization, and do not need to deploy cisco ACS. the following is an example of local authentication and authorization for telnet access to router r1: (1) set an account and password for the telnet user (the aaa user level is the lowest level ): hostname r1username aaa password cisco (2) sets a privileged password level 2 (15 by default, with all permissions) enable secret level 2 CISCO (3) authorize privileged users of level 2 (only allow the execution of the router and network commands) privilege exec level 2 configure terminal allow the execution of the privileged command config tprivilege configure level 2 router allow the execution of Global commands: router <protocol> privilege router level 2 network allows the execution of the routing process command: network (4) specifies the authentication method for telnet access to router r1 (verified using the local user database) line vty 0 4 login local (5) results when the r1 is accessed via telnet, the system will first prompt you to enter username and password. In this case, user aaa is in user mode (level 1 user ), only a few command sets can be executed (User-mode command sets ). after you run the enbale 2 command and enter the correct password, you can run the config t, router, and network commands. However, other commands cannot be executed, and local verification and authorization are successful.