Cisco Cisco IOS Software Release 12.2(27)SBC

Add the new cache profile group in the authentication and authorization method list and change the 
method order so that the cache profile group is queried last.

configure terminal

aaa new-model

! Define aaa cache profile groups and the rules for what information is saved to cache.

aaa cache profile admin_users

profile admin1

profile admin2

profile admin3

exit

aaa cache profile abcusers

profile .*@abc.com only no-auth

exit

! Define server groups that use the cache information in each cache profile group.

aaa group server tacacs+ admins@companyname.com

server 10.1.1.1

server 10.20.1.1

cache authentication profile admin_users

cache authorization profile admin_users

exit

aaa group server radius abcusers@abc.com

server 172.16.1.1

server 172.20.1.1

cache authentication profile abcusers

cache authorization profile abcusers

exit

! Update authentication and authorization method lists to specify how cache is used.

aaa authentication login default cache admins@companyname.com group 

admins@companyname.com

aaa authorization exec default cache admins@companyname.com group admins@companyname.com

aaa authentication ppp default group abcusers@abc.com cache abcusers@abc.com

aaa authorization network default group abcusers@abc.com cache abcusers@abc.com

end

The following sections provide references related to implementing authentication and authorization 
profile caching.

Authentication configuring tasks

“Configuring Authentication” chapter in the Cisco IOS Security 
Configuration Guide, Release 12.2

Authorization configuration tasks

“Configuring Authorization” chapter in the Cisco IOS Security 
Configuration Guide, Release 12.2

RADIUS configuration tasks

“Configuring RADIUS” chapter in the Cisco IOS Security 
Configuration Guide, Release 12.2