Cisco CCNA (640-553) Security Training
Using the “aaa user profile and aaa attribute” Commands
By Charles Ross CCNA - CCNP #CSCO10444244
Now, before I begin to explain today’s article; I would like to say, “Thank you” to all of my readers”; because of you Ittechtips is an astounding success.
In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa user profile” and the AAA-user configuration mode command named “aaa attribute”.
Network administrators (like you) use the “aaa user profile” command to create an AAA (Authentication, Authorization, and Accounting) named user profile.
Below are the syntax and an example of the command:
Syntax: aaa user profile profile-name
Example: Router(config)#aaa user profile cross
As you can see, the command is really easy to implement, it’s performed while the router is in “Global” configuration mode, and in the above example; the router’s aaa user profile is named “cross”.
It’s very important to remember that the name of an Authentication, Authorization, and Accounting (aaa) user profile should not exceed 63 characters in length because, all other additional characters will just be truncated.
To remove an Authentication, Authorization, and Accounting user profile after you’ve created it, just use the word “no” in front of the “aaa user profile” command like you see in the example below:
Example: Router(config)#no aaa user profile cross
Well, that pretty much sums up the “aaa user profile” Global configuration mode command; so, let’s move on to the to the “aaa attribute” AAA-user configuration mode command.
The first thing that I must inform you about the “aaa attribute” command is that it’s used in conjunction with the “aaa user profile” command. In other words, network administrators normally use both commands at the same time.
Network administrators (like you) use the “aaa attribute” command, when the router is in AAA-user configuration mode, to add Calling Line Identification (CLID) and Dialed Number Identification Service (DNIS) attribute values to a aaa user profile.
Below are the syntax and an example of the command:
Syntax: aaa attribute {clid | dnis} attribute-value
Example: Router#configure terminal
Router(config)#aaa user profile cross
Router(config-aaa-user)#aaa attribute clid clidvalue
Router(config-aaa-user)#aaa attribute dnis dnisvalue
Router(config-aaa-user)#end
Router#copy run start
In the example above, notice the “aaa attribute” command is being performed in AAA-user configuration mode. And, the Calling Line Identification attribute value for the user profile named cross is “clidvalue” and the Dialed Number Identification Service attribute value for the user profile named cross is “dnisvalue”.
If you need to undo an attribute value (clid/dnis), just type the word “no” in front of the command like you see below:
Router(config-aaa-user)#no aaa attribute clid clidvalue
Remember, in order for you to use either one of the commands, your router(s) must be running Cisco IOS 12.4(4)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the aaa user profile and aaa attribute commands. If you want to learn more; I suggest you visit my website, (www.ccnaittechtips.com) were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,
Charles Ross
CCNA- CCNP #CSCO10444244