12-15-2021 04:43 AM
Hello, I need help configuring a line of code for the RADIUS server configuration in Cisco IOS.
My current line is: radius-server host "IP" auth-port 1812 acct-port 1813 key 7 xxxxx, where "xxxxx" is a dynamic value.
I need to issue "no (current line)", where one part (xxxxx) is dynamic and changes for all devices.
On the other hand, I then need to change the IP address; that's why I have to save xxxxx in a variable.
Summary of what I want to do:
no radius-server host "IP" auth-port 1812 acct-port 1813 key 7 xxxxx
radius-server host "OTHER IP" auth-port 1812 acct-port 1813 key 7 xxxxx
where xxxxx is different for all devices.
Thanks a lot
12-15-2021 06:57 AM
@FPerroneUru you can use Ansible, which has a flexible inventory system https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html that pulls data from various sources to feed your models. The list of devices and the key/value pairs that are used to configure those devices are combined into the specific group of facts in each device’s context. You could do something like:

- name: RADIUS SET UP
  hosts: cisco
  gather_facts: no
  connection: network_cli
  tasks:
    - name: SET RADIUS
      ios_config:
        commands:
          - radius-server host {{"OTHER IP"}} auth-port 1812 acct-port 1813 key 7 {{"KEY ONE"}}

This doc will show you how to build the correct inventory file https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
Hope this helps.
12-16-2021 06:20 AM
Thank you very much! My solution was to write "key" without encryption and then tell the Cisco device to encrypt it as key 7.
Previously using a reverse of the previous encrypted password.
For example:
reverse of xxxxx = "ThisIsMyKey"
no radius-server host {{"OLDER IP"}} auth-port 1812 acct-port 1813
(the previous line deletes the entire line with the key included)
radius-server host "OTHER IP" auth-port 1812 acct-port 1813 key 7 "ThisIsMyKey"
Now when executing "sh run | include radius" I see "ThisIsMyKey" encrypted.
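
Added example (not part of the original posts and not Cisco or Ansible code): a Python sketch that builds the two commands from the question by copying each device's existing type 7 string from its running config onto the new host line, so the key is never decoded or stored in clear text. The function names, the addresses and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Matches the line format from the question; the key is captured, never decoded.
RADIUS_LINE = re.compile(
    r"^radius-server host (?P<ip>\S+) auth-port (?P<auth>\d+) "
    r"acct-port (?P<acct>\d+) key 7 (?P<key>[0-9A-Fa-f]+)\s*$",
    re.MULTILINE,
)


def migrate_radius_host(running_config: str, old_ip: str, new_ip: str) -> list[str]:
    """Return the IOS commands that move the RADIUS host entry to new_ip."""
    ipaddress.ip_address(new_ip)  # raises ValueError on a malformed address
    commands = []
    for m in RADIUS_LINE.finditer(running_config):
        if m["ip"] != old_ip:
            continue
        ports = f"auth-port {m['auth']} acct-port {m['acct']}"
        # Per the thread, the "no" form without the key removes the whole line.
        commands.append(f"no radius-server host {old_ip} {ports}")
        commands.append(f"radius-server host {new_ip} {ports} key 7 {m['key']}")
    if not commands:
        raise LookupError(f"no 'radius-server host {old_ip}' line with a type 7 key found")
    return commands


def redact(commands: list[str]) -> list[str]:
    """Mask the key so generated commands can be logged or reviewed safely."""
    return [re.sub(r"(key 7 )\S+", r"\1<redacted>", c) for c in commands]


# Constructed sample of "show running-config | include radius" (keys are made up).
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key 7 0123456789ABCDEF
radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 key 7 FEDCBA9876543210
"""

if __name__ == "__main__":
    for line in redact(migrate_radius_host(SAMPLE, "192.0.2.10", "198.51.100.5")):
        print(line)
```

The returned list can be fed per device to whatever pushes the configuration, for example as the commands of an ios_config task.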