07-13-2004 05:50 AM - edited 03-10-2019 07:54 AM
Hi,
I'm using AAA/RADIUS but want to allow a particular user to access the
router via local login with username and password. This will actually run an
autocommand to allow them to see what they need and nothing else.
Question:
How do I allow this user to bypass RADIUS? If I give them a RADIUS login,
they will get access to all the routers. Ideally I would like to create
subgroups in RADIUS for this, but this is not implemented yet and I need a
workaround in the meantime.
Thanks,
Chris
07-19-2004 08:20 PM
Hi
Just gone through your query. Why don't you try creating an access list permitting the required hosts to telnet to the router and applying it under line vty? I haven't tried this scenario, but I think it should work.
Regards,
prem
07-20-2004 03:12 AM
Hi!
You can bypass the RADIUS server using local authentication. Please configure the commands below in the global mode of your router.
aaa authentication login default local
aaa authentication login local_auth local
It will not get authentication from RADIUS.
Hope it helps.
Have fun.
Regards,
Vimal
07-20-2004 04:34 AM
Thanks for the reply, but I need to keep RADIUS; I just need to authenticate this one particular user against a local username. Setting the default method-list local won't do this.
There are 2 local usernames configured - one of the local usernames must only be checked for access AFTER RADIUS authentication has failed, e.g. the server is down. But for the second username - and this is a special case only - I need the local username checked ONLY and BEFORE RADIUS tries to authenticate, because I cannot offer this user a RADIUS login.
I hope it's a little clearer.
Cheers,
Chris