#vir telnet 10.1.1.1  (一般使用global地址)

#access-list auth permit tcp any any eq http
#access-list auth permit tcp any any eq telnet    //http和telnet协议捆绑抓流量
#aaa-server 3a protocol tacacst+
#aaa-server 3a host 20.1.1.241     //20.1.1.241是aaa服务器
#key cisco
#exit
#test aaa-server authentication 3a host 20.1.1.241 username pixaaa password cisco  //验证3a上的用户名和密码
#aaa authentication auth inside 3a    //调用"auth"流量做3a验证

#show uauth

 

授权：
#access-list auth permit icmp any any
#aaa authorization match auth inside 3a    //抓取"auth"这个acl做授权

查看原文：http://www.laogebo.com/archives/335.html