Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
781
Views
0
Helpful
4
Replies

AAA Configuration

Go to solution
fernandacouto
Level 1
Level 1

‎01-02-2007 05:30 AM - edited ‎03-10-2019 02:53 PM

Hi,

Can anyone help me? I'm trying to implement RADIUS authentication for my Cisco switches and routers. Could anybody give me some configuration examples or a tip of how to point my switches and routers at a RADIUS server, and also to attempt authentication against RADIUS. Only using a locally configured account if RADIUS fails?

I have tryed the con following configuration but I'm not shure if that is correct:

aaa new-model

aaa authentication login default group radius local

aaa accounting network default init-stop group radius

radius-server host 10.132.100.1 auth-port 1812 acct-port 1813 key ciscosecure

radius-server retransmit 3

Thank you,

Fernanda

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rafa_lanna
Level 1
Level 1

‎01-02-2007 11:00 AM

Hi Fernanda,

Your configuration seems to be OK.

more info you can find here:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html

Hope it helps. If it does please rate.

Regards,

Rafael Lanna

View solution in original post

0 Helpful
4 Replies 4

Go to solution
m.sir
Level 7
Level 7

‎01-02-2007 06:25 AM

Hi Fernanda

You configuration looks good

Only you need apply the authentication list to specific line (vty, console)

fe.

router(config)#line vty 0 4

router(config-line)login authentication default

Because you are using radius server also server must be configured properly (router IP, key...)

If you need more info about AAA login configuration check following link

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a8.html#wp1001032

M.

hope that helps rate if it does

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to m.sir

‎01-02-2007 07:12 AM

Milan

Actually when you configure aaa new-model the vty lines automatically default to login authentication default, so specifying it is not required.

Also the given config does authentication for login but not for enable. The original post was a bit ambiguous about whether authentication for enable was required. But I do not remember seeing a real router config that did aaa authentication for login but not for enable. So I would suggest adding to the configuration:

aaa authentication enable default group radius enable

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Hieu Cao
Level 4
Level 4

‎01-02-2007 09:43 AM

In addidtion to Rick's comment below, I don't see that you've "authorization" statement.

You can add the following:

aaa authorization exec default if-authenticated

aaa authorization network default group radius local

HTH,

hieu

pls rate post if helpful.

0 Helpful

Go to solution
rafa_lanna
Level 1
Level 1

‎01-02-2007 11:00 AM

Hi Fernanda,

Your configuration seems to be OK.

more info you can find here:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html

Hope it helps. If it does please rate.

Regards,

Rafael Lanna

0 Helpful
Customers Also Viewed These Support Documents