AAA/RADIUS Authentication

cgravell · ‎07-13-2004

Hi,

I'm using AAA/RADIUS but want to allow a particular user to access the

router via local login with username and password. This will actually run an

autocommand to allow them to see what they need and nothing else.

Question:

How do I allow this user to bypass RADIUS? If I give them a RADIUS login,

they will get access to all the routers. Ideally I would like to create

subgroups in RADIUS for this, but this is not implemented yet and I need a

workaround in the meantime.

Thanks,

Chris

spremkumar · ‎07-19-2004

Hi

just gone thru ur query ,y dont u try creating a access list permittin the required hosts to telnet the router and apply the same under line vty.i hvnt tried this scenario but i think it shuld work..

regds

prem

vimal1980 · ‎07-20-2004

Hi!

You can bybass the Radius server using local authentication.Pl. configure below commands in your global mode of router.

aaa authentication login default local

aaa authentication login local_auth local

It will not get authentication from Radius.

Hope it helps.

Have fun.

Regds

Vimal

cgravell · ‎07-20-2004

Thanks for the reply, but I need to keep radius; just need to authenticate this one particular user against a local username. Setting the default method-list local won't do this.

There are 2 local usernames configured - one of the local usernames must only be checked for access AFTER RADIUS authentication has failed eg server is down. But for the second username - and this is a special case only - I need the local username checked ONLY and BEFORE RADIUS tries to authenticate, because I cannot offer this user a radius login.

I hope it's a little clearer.

Cheers,

Chris