07-08-2015 07:10 AM - edited 03-12-2019 05:46 PM
Hi,
I have a Radius server which has to authenticate users in order to allow them a connection on routers. In this case, each router is a NAS (Network Access Server). A fallback method has been defined in the startup and running configuration.
I am trying to find a method to use Radius authentication for most of the requests sent and allow local authentication (meaning on the router, based on the local accounts defined in the configuration file) for a few IP addresses. So those few IP addresses don't have to request the Radius server (bypass of the Radius server, with authentication done against local accounts) before being authenticated.
Is there a method that exists to do such a scheme?
Thank you for your help,
07-11-2015 08:00 PM
I think this might be possible by using the rotary mechanism, where you can bind a different ssh/telnet based port to specific VTY lines. Then you can apply a different policy on those VTY lines and assign them an access-list where they are only permitted from specific IPs. Here is a document that explains the rotary functionality:
Thank you for rating helpful posts!
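
The rotary approach described in the reply above, sketched as an IOS configuration. This is an added example, not part of the original posts; the list name LOCAL-ONLY, port 2222, rotary group 1, the VTY ranges and the 192.0.2.x addresses are assumptions, and the RADIUS server is assumed to be configured already.

```cisco
! Added example: names, port, line ranges and addresses are placeholders.
aaa new-model
!
! Default method list: RADIUS first, local accounts only as fallback
! when the RADIUS server does not respond.
aaa authentication login default group radius local
!
! Named method list: local accounts only, RADIUS is never contacted.
aaa authentication login LOCAL-ONLY local
!
! Source addresses allowed to authenticate locally (constructed values).
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
!
! Bind an additional SSH port to rotary group 1.
ip ssh port 2222 rotary 1
!
! Regular lines: everyone authenticates through the default list (RADIUS).
line vty 0 4
 login authentication default
 transport input ssh
!
! Rotary lines: reached on port 2222, limited by source IP, local accounts.
line vty 5 9
 rotary 1
 access-class 10 in
 login authentication LOCAL-ONLY
 transport input ssh
```

Because the access-class is applied to lines 5 to 9 themselves, sources outside access-list 10 are refused on those lines and can only authenticate on lines 0 to 4 through RADIUS.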
09-16-2015 08:09 AM
Hi Neno,
Thank you for your information. I have been working on another, earlier project, which is why my answer arrives late. I have looked at the page indicated and the idea described seems good.
Thanks a lot ;-)
--
Joël
09-16-2015 11:52 AM
You are welcome! Try it out and let us know how it goes.
Thank you for rating helpful posts!