AAA Authentication Question

RayWilson
Nov 28, 2001
I have been given the task of looking at and cleaning up six Cisco routers that join to make up our client's network. Two of the routers have AAA authentication commands in them. I am hoping someone can give me more information about what they do. The relevant parts of the scripts are:

[Router 1]
aaa new-model
aaa authentication login default local
aaa authentication login console enable
username canmore-gw password <Encrypted>
username root password <Encrypted>
username taitk password <Encrypted>

[Router 2]
aaa new-model
aaa authentication login default local
aaa authentication login console enable
aaa authentication login vty local
aaa authentication login dialin local
aaa authentication ppp default local
aaa authentication ppp dialin if-needed local
username canmore-gw password <Encrypted>
username root password <Encrypted>
username craigmillar-gw password <Encrypted>
username taitk password <Encrypted>

I want to keep the routers as consistent as possible in their setup but am taking a minimalistic approach. Why would they be in the scripts? How can I confirm that it is OK to take them out?

Cheers

Ray Wilson
 
From what I can see these aaa commands are doing nothing. They are all querying the local device for usernames and passwords.

If you had something like
aaa authentication login default tacacs local

first a tacacs server would be queried and only if the server could not be contacted would the local usernames and passwords be used. If the server denied access the local database would never be consulted. From what I can see of your config everything is being authenticated locally so using aaa in this case makes little sense. The same result can be achieved without aaa.
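
An added example, not part of the thread or either poster's code: before removing AAA lines, it helps to check which method lists are actually bound, since a named list only takes effect where a line carries `login authentication <list>` or an interface carries `ppp authentication ... <list>`. The sketch below audits a config for that; the `interface` and `line` stanzas in the sample are constructed (the posted excerpts do not include them), and the keyword sets are an assumed subset of IOS syntax.

```python
import re

# Constructed sample: Router 2's AAA lines from the post, plus hypothetical
# interface/line stanzas that the post does not show.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authentication login console enable
aaa authentication login vty local
aaa authentication login dialin local
aaa authentication ppp default local
aaa authentication ppp dialin if-needed local
interface Async1
 ppp authentication chap dialin
line con 0
 login authentication console
line vty 0 4
 transport input telnet
"""

LIST_RE = re.compile(r"^aaa authentication (login|ppp) (\S+) (.+)$")
LOGIN_REF_RE = re.compile(r"^\s+login authentication (\S+)")
PPP_REF_RE = re.compile(r"^\s+ppp authentication (.+)$")
# Tokens on a "ppp authentication" line that are not a list name (assumed subset).
PPP_KEYWORDS = {"chap", "pap", "ms-chap", "if-needed", "callin", "one-time", "optional"}
# Methods that never leave the device (no TACACS+/RADIUS server involved).
LOCAL_METHODS = {"local", "local-case", "enable", "line", "none", "if-needed"}

def audit_aaa(config):
    """Map (type, list name) -> methods, whether it is bound, whether it is local-only."""
    lists, refs = {}, set()
    for line in config.splitlines():
        if m := LIST_RE.match(line):
            lists[(m[1], m[2])] = m[3].split()
        elif m := LOGIN_REF_RE.match(line):
            refs.add(("login", m[1]))
        elif m := PPP_REF_RE.match(line):
            names = [t for t in m[1].split() if t not in PPP_KEYWORDS]
            refs.add(("ppp", names[0] if names else "default"))
    return {
        key: {"methods": methods,
              # The login default list covers every line without an explicit list.
              "referenced": key == ("login", "default") or key in refs,
              "local_only": set(methods) <= LOCAL_METHODS}
        for key, methods in lists.items()
    }

def unused_lists(config):
    """Named lists that nothing in the config refers to."""
    return sorted(f"{t} {n}" for (t, n), v in audit_aaa(config).items() if not v["referenced"])
```

A list reported by `unused_lists` has no effect on how any line or interface authenticates; a list that is referenced, or the `login default` list, does, so removing it (or `aaa new-model`) changes what those lines prompt for.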
 