Re: AAA authentication & CiscoWorks

cbuzzard · ‎06-30-2004

Hi all -

We use the configuration management piece of CW2K to download each of our device configurations. We are looking at going to AAA using SecurID for authentication. However, if we setup our VTY access to have an authentication scheme of '...group radius local-case' then our ciscoworks download will never authenticate.

Has anyone else run into this, or I am just missing something? Do we have to accept we can't download configs on devices we aaa enable?

Thanks!

chad

jleon22 · ‎07-02-2004

In creating the profiles for your devices in CW2K, you are able to give a tacacs account and pasword. You could create a tacacs account on the ACS for the CW2k to download the configs.

cbuzzard · ‎07-02-2004

Thanks for the reply. In order to clarify, our initial use of this will only use RADIUS against the RSA RADIUS server, we don't have ACS yet. Looks like I'm either out of luck or have to switch my profile order to local radius instead.

thanks

jleon22 · ‎07-02-2004

Oh, I see, I think I'm starting to understand a bit clearer. Would it be possible to configure the RSA Radius server to create a CW2k account with a static password that can only originate from the source ip address of the CW2k server? Those restrictions on that account can satisify most of the security policy folks.

AAA authentication & CiscoWorks

ASA： aaa authorization exec authentication-server auto-enable 機能

AnyConnect syslog AAA user authentication rejected

AAA Authentication

Is MSCHAP possible with aaa radius authentication?

Cisco AAA RADIUS - What Authentication Protocol Does It Use?