cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
253
Views
0
Helpful
3
Replies

Authentication on Switch for few IP addresses

joel.amouzou1
Level 1
Level 1

Hi,

 

I have a Radius server wich has to authenticate users in order to allow them a connection on routers. In this case, each router is a NAS(Network Access Server). A fallback method, has been defined in startup&running configuration.

I try to find a method to make Radius authentication for the most requests send and allow local authentication(means on the router, based on the local account defined on configuration file) for few IP addresses. So those few IP addresses don't have to request the Radius Server (bypass of the Radius Server for operate authentication made on local accounts)before to be authenticate.

Is there a method, that exists to do such a scheme?

Thank you for your help,

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

I think this might be possible by using the rotary mechanism where you can bind a different ssh/telnet based port to a specific VTY lines. Then you can apply a different policy on those VTY lines and assign them an access-list where they are only permitted from specific IPs. Here is a document that explains the rotary functionality:

http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/active-network-abstraction/prod_white_paper0900aecd805f7ca2.html

 

Thank you for rating helpful posts!

Hi Neno,

Thank you for your information. I have worked on anonther prior project that why my answer arrive with late. I have looked the page indicated and the idea describe seems good.

Thanks a lot ;-)

--

Joël

 

 

You are welcome! Try it out and let us know how it goes. 

 

Thank you for rating helpful posts!