Cisco CCNA (640-553) Security Training
Using the “aaa authorization reverse-access” command
By Charles Ross CCNA - CCNP #CSCO10444244
In today’s article, I’m going to quickly inform you about the Cisco IOS global configuration mode command named “aaa authorization reverse-access”.
So on that note let’s begin, CCNA’s (like you) use the “aaa authorization reverse-access” command to tell (configure) a network access server (NAS) router to request authorization information from either a TACACS+ or RADIUS security server before allowing a user to establish a reverse Telnet session.
In other words, an internal network administrator may sometimes need to perform a reverse Telnet session, so in order to gain control of a modem that is connected to a network access server (NAS) router; so he or she can make a call. If the network access server (NAS) router is configured with the “aaa authorization reverse-access” command, the router will check with either a TACACS+ or RADIUS security server first, to see if it’s o.k. for the network administrator to establish a reverse Telnet session to gain control of the modem to make the call.
Note: If a network access server (NAS) router is not configured with the command, it will automatically authorize all reverse Telnet sessions by default.
Below is the command’s syntax:
aaa authorization reverse-access {group radius | group tacacs+}
As you can see, the command is fairly simple to use; and it only has two keywords “group radius” or “group tacacs+”.
group radius – This keyword is used to specify that the network access server router will request authorization from a RADIUS security server before allowing a user to establish a reverse Telnet session.
group tacacs+ -- This keyword is used to specify that the network access server router will request authorization from a TACACS+ security server before allowing a user to establish a reverse Telnet session.
And, like with mostly all Cisco IOS commands; you can use the word “no” in front of the command to remove (disable) the configured command; like you see below:
Router(config)#no aaa authorization reverse-access {group radius | group tacacs+}
By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.0(5)T or higher.
I hope this article was very informative and helped you quickly understand the usage of the aaa authorization reverse-access command. If you need to learn more; I suggest you visit my website, (www.ccnaittechtips.com) were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,
Charles Ross
CCNA- CCNP #CSCO10444244