Cisco CCNA (640-553) Security Training

 

Using the “aaa dnis map authorization network group” command

 

By Charles Ross CCNA - CCNP #CSCO10444244

 

In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa dnis map authorization network group”. 

 

CCNA’s (like you) use the “aaa dnis map authentication network group” command to map a Dialed Number Information Service (DNIS) number to a particular AAA server group that will be used for AAA authorization.

 

In other words, CCNA’s (like you) use the aaa dnis map authorization network group” command to assign a DNIS number to a specific AAA server group, so that the server group can process authorization requests for users dialing into the network using a particular DNIS number.

 

Now, before you can use the command, you must do the following first:

 

  1. Enable AAA on the router

  2. Define an AAA server group

  3. Enable DNIS mapping

 

Below is the command’s syntax:

  

aaa dnis map dnis-number authorization network group server-group-name 

  

As you can see, the command is very simple to implement; the dnis-number argument is the actual number of the DNIS; and the server-group-name argument, is the name of a group of security servers functioning within a server group. 

 

Below is an example of the command being used:

  

Router>enable

Router#configure terminal

Router(config)#aaa new-model

Router(config)#radius-server host 172.30.0.0 acct-port 1645 key ittechtips1

Router(config)#aaa group server radius group1

Router(config-sg-radius)#server 172.30.0.0

Router(config-sg-radius)#exit

Router(config)#aaa dnis map enable

Router(config)#aaa dnis map 8888 authorization network group group1

Router(config)#exit

Router#copy run start

 

In the above example, we are using the “aaa dnis map authorization network group” command to map the 8888 DNIS number to the RADIUS server group called group1. The server group (group1) will use RADIUS server 172.30.0.0 for authorization requests for users dialing in with DNIS 8888. 

 

And, just like mostly all Cisco IOS commands; you can use the word “no” in front of the command to remove (disable) the configured command; like you see below:

 

Router(config)#no aaa dnis map 8888 authorization network group group1

  

By the way, if you decide to use the command, make sure your router(s) is running Cisco IOS 12.1(1)T or higher.

 

I hope this article was very informative and helped you quickly understand the usage of the aaa dnis map authorization network group command. If you need to learn more; I suggest you visit my website, (www.ccnaittechtips.com) were you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

 

To your success,

 

Charles Ross

CCNA- CCNP #CSCO10444244

http://www.ccnaittechtips.com