
Switch Radius challenge 2 out of 5 user accounts

Marcus Peck
Level 1

Hello, I have a Cisco Catalyst 9300 running 16.9 IOS XE. I also have a RADIUS server to authenticate users on this switch. Currently it is authenticating all users on this switch. Is it possible to exclude some users, for example the admin user, from being authenticated via RADIUS, so that they are only authenticated locally on the switch?

1 Reply

bobbycornetto
Level 1

Just set up some of the VTY lines to authenticate to local, and some to RADIUS like this. Change the number of VTY connections for each aaa type to fit your needs. 

 

aaa authentication login LOCAL_AUTH local
aaa authorization exec LOCAL_AUTHOR local

aaa authentication login RAD_AUTH group radius
aaa authorization exec RAD_AUTHOR group radius

line vty 0 1
 login authentication LOCAL_AUTH
 authorization exec LOCAL_AUTHOR
line vty 2 15
 login authentication RAD_AUTH
 authorization exec RAD_AUTHOR

 

There's a little RADIUS config where you configure the IPs of your servers, etc. I think it's just "radius server <NAME>" and then you're in config mode for that setting, and you add IPs.
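
An added example, not part of the reply and not Cisco tooling: a small Python check that reads an IOS-style configuration and reports which login method list each VTY line ends up with, flagging lists that are applied but never defined or that contain no local method. The function name `audit_vty_login` and the sample configuration (built from the commands in the reply) are assumptions.

```python
import re

# Constructed sample input: the method lists and VTY ranges from the reply above.
SAMPLE_CONFIG = """\
aaa authentication login LOCAL_AUTH local
aaa authorization exec LOCAL_AUTHOR local
aaa authentication login RAD_AUTH group radius
aaa authorization exec RAD_AUTHOR group radius
line vty 0 1
 login authentication LOCAL_AUTH
 authorization exec LOCAL_AUTHOR
line vty 2 15
 login authentication RAD_AUTH
 authorization exec RAD_AUTHOR
"""


def audit_vty_login(config):
    """Return ({vty: (list_name, methods)}, [warnings]) for an IOS-style config."""
    lists, applied, current = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", line):
            lists[m.group(1)] = m.group(2).split()
        elif line.startswith("line "):
            # Any "line ..." command opens a new block; only VTY ranges are tracked.
            m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
            current = list(range(int(m[1]), int(m[2] or m[1]) + 1)) if m else []
            for n in current:
                # With aaa new-model, a line with no explicit list uses "default".
                applied.setdefault(n, "default")
        elif m := re.match(r"login authentication (\S+)", line):
            for n in current:
                applied[n] = m.group(1)
    result = {n: (name, lists.get(name)) for n, name in sorted(applied.items())}
    warnings = []
    for name in sorted(set(applied.values())):
        nums = sorted(n for n, v in applied.items() if v == name)
        span = f"vty {nums[0]}-{nums[-1]}"
        if name not in lists:
            warnings.append(f"{name}: applied to {span} but not defined")
        elif "local" not in lists[name]:
            warnings.append(f"{name}: no local method on {span}")
    return result, warnings


if __name__ == "__main__":
    table, notes = audit_vty_login(SAMPLE_CONFIG)
    for n, (name, methods) in table.items():
        print(f"vty {n}: {name} -> {methods}")
    print("\n".join(notes))
```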