Cisco CCNA (640-553) Security Training

 

Using the “aaa cache profile” command

 

By Charles Ross CCNA - CCNP #CSCO10444244

 

In today’s article, I’m going to quickly inform you about the Cisco IOS global configuration mode command named “aaa cache profile”. 

 

Network administrators (like you) use the “aaa cache profile” command to create a named authentication and authorization cache profile group. Once the command is entered, it places the router into profile map configuration mode, shown by the prompt Router(config-profile-map)#

 

Another way of explaining it: CCNAs use the command to define or modify an authentication or authorization cache group.

Below is the command’s syntax:

  

aaa cache profile group-name

 

As you can see, the command is really easy to implement. The group-name argument specifies an authentication and authorization group; keep in mind that duplicate group names can’t be used.

 

After you’ve configured the router with the command and the router has been placed into profile map configuration mode (config-profile-map), you can use the following commands to specify cache profile parameters:

  

profile—This command specifies an exact profile match to cache. The profile name must be an exact match to the username being queried by the service authentication or authorization request. This is the recommended format to enter profiles that users want to cache.

 

regexp—This command allows entries to match based on regular expressions. Matching on regular expressions is not recommended for most situations.

 

The any keyword, which is available under the regexp submenu, allows for any unique instance of an AAA Server Response that matches the regular expression to be saved in the cache. The only keyword allows for only one instance of an AAA Server Response that matches the regular expression to be saved in the cache.

 

all—This command specifies that all authentication and authorization requests are cached. Using the all command makes sense for certain service authorization requests, but it should be avoided when dealing with authentication requests.
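
As an added example (not from the original article or from Cisco), this Python script parses a constructed running-config excerpt and flags cache profile entries that use regexp or all, the two forms the text above advises against. The group names, usernames and the "regexp <expression> any" argument order in the sample are assumptions.

```python
import re

# Constructed running-config excerpt for illustration (not from the article).
# Group names, usernames and the "regexp <expression> any" order are assumptions.
SAMPLE_CONFIG = """\
aaa new-model
aaa cache profile ittechtips
 profile admin1
 profile admin2
!
aaa cache profile branchusers
 regexp .*@example.com any
 all
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

def parse_cache_profiles(config):
    """Return {group_name: [(command, arguments), ...]} for each cache profile."""
    profiles, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^aaa cache profile (\S+)\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), [])
        elif current is not None and line.startswith(" ") and line.strip():
            command, _, args = line.strip().partition(" ")
            current.append((command, args))
        else:
            current = None  # a non-indented line leaves profile map mode
    return profiles

def audit(profiles):
    """Flag the entry types the article advises against: regexp and all."""
    findings = []
    for group, entries in profiles.items():
        for command, args in entries:
            if command == "regexp":
                scope = next((t for t in args.split()[1:] if t in ("any", "only")), "unspecified")
                findings.append((group, "regexp", f"regular-expression match ({scope}); prefer exact profile entries"))
            elif command == "all":
                findings.append((group, "all", "caches every request; avoid for authentication requests"))
    return findings

if __name__ == "__main__":
    for group, command, reason in audit(parse_cache_profiles(SAMPLE_CONFIG)):
        print(f"{group}: {command}: {reason}")
```
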

 

And, just like almost all Cisco IOS commands, you can use the word “no” in front of the command to remove (disable) the configured command, as you see below:

 

Router(config)#no aaa cache profile ittechtips 

  

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.2(28)SB or higher.

 

I hope this article was very informative and helped you quickly understand the usage of the aaa cache profile command. If you need to learn more, I suggest you visit my website (www.ccnaittechtips.com), where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

 

To your success,

 

Charles Ross

CCNA- CCNP #CSCO10444244

http://www.ccnaittechtips.com