https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666931#M422185 <HTML><HEAD></HEAD><BODY><P>Milan</P><P></P><P>Actually when you configure aaa new-model the vty lines automatically default to login authentication default, so specifying it is not required.</P><P></P><P>Also the given config does authentication for login but not for enable. The original post was a bit ambiguous about whether authentication for enable was required. But I do not remember seeing a real router config that did aaa authentication for login but not for enable. So I would suggest adding to the configuration:</P><P>aaa authentication enable default group radius enable</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Tue, 02 Jan 2007 15:12:58 GMT Richard Burts 2007-01-02T15:12:58Z https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666929#M422181 <P>Hi, </P><P></P><P>Can anyone help me? I'm trying to implement RADIUS authentication for my Cisco switches and routers. Could anybody give me some configuration examples or a tip of how to point my switches and routers at a RADIUS server, and also to attempt authentication against RADIUS. Only using a locally configured account if RADIUS fails? </P><P></P><P>I have tryed the con following configuration but I'm not shure if that is correct:</P><P></P><P>aaa new-model </P><P>aaa authentication login default group radius local </P><P>aaa accounting network default init-stop group radius </P><P>radius-server host 10.132.100.1 auth-port 1812 acct-port 1813 key ciscosecure </P><P>radius-server retransmit 3 </P><P></P><P>Thank you, </P><P></P><P>Fernanda</P> Sun, 10 Mar 2019 21:53:48 GMT https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666929#M422181 fernandacouto 2019-03-10T21:53:48Z https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666930#M422183 <HTML><HEAD></HEAD><BODY><P>Hi Fernanda</P><P></P><P>You configuration looks good</P><P>Only you need apply the authentication list to specific line (vty, console)</P><P>fe.</P><P>router(config)#line vty 0 4</P><P>router(config-line)login authentication default</P><P></P><P>Because you are using radius server also server must be configured properly (router IP, key...)</P><P>If you need more info about AAA login configuration check following link</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a8.html#wp1001032" target="_blank">http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a8.html#wp1001032</A></P><P>M.</P><P>hope that helps rate if it does</P><P></P><P></P></BODY></HTML> Tue, 02 Jan 2007 14:25:48 GMT https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666930#M422183 m.sir 2007-01-02T14:25:48Z https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666931#M422185 <HTML><HEAD></HEAD><BODY><P>Milan</P><P></P><P>Actually when you configure aaa new-model the vty lines automatically default to login authentication default, so specifying it is not required.</P><P></P><P>Also the given config does authentication for login but not for enable. The original post was a bit ambiguous about whether authentication for enable was required. But I do not remember seeing a real router config that did aaa authentication for login but not for enable. So I would suggest adding to the configuration:</P><P>aaa authentication enable default group radius enable</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Tue, 02 Jan 2007 15:12:58 GMT https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666931#M422185 Richard Burts 2007-01-02T15:12:58Z https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666932#M422188 <HTML><HEAD></HEAD><BODY><P>In addidtion to Rick's comment below, I don't see that you've "authorization" statement.</P><P></P><P>You can add the following:</P><P></P><P>aaa authorization exec default if-authenticated </P><P>aaa authorization network default group radius local </P><P></P><P>HTH,</P><P>hieu</P><P></P><P>pls rate post if helpful.</P></BODY></HTML> Tue, 02 Jan 2007 17:43:55 GMT https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666932#M422188 Hieu Cao 2007-01-02T17:43:55Z https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666933#M422190 <HTML><HEAD></HEAD><BODY><P>Hi Fernanda, </P><P></P><P>Your configuration seems to be OK. </P><P>more info you can find here:</P><P> </P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html" target="_blank">http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html</A></P><P></P><P>Hope it helps. If it does please rate.</P><P></P><P>Regards,</P><P></P><P>Rafael Lanna</P></BODY></HTML> Tue, 02 Jan 2007 19:00:42 GMT https://community.cisco.com/t5/network-access-control/aaa-configuration/m-p/666933#M422190 rafa_lanna 2007-01-02T19:00:42Z