Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
1
Replies

Cisco ISR connecting to two AAA servers for authentication

jdesaul
Level 1
Level 1

‎06-26-2018 06:02 PM - last edited on ‎02-21-2020 11:41 PM by Community Manager

Hello,

Please see attached diagram.

In my network, there is a Cisco ISR that is co-managed by two different administrators. Each administrator's credentials are held on its own separate AAA server. 

Is there a way for the Cisco ISR to have an AAA authentication configuration to support this design? For example:

- when administrator #1 attempts an SSH session to the ISR, can the ISR validate his credentials to the AAA server "blue"?

- when administrator #2 attempts an SSH session to the ISR, can the ISR validate his credentials to the AAA server "red"?

I am not 100% sure if the Cisco ISR can support this and wanted to confirm - I have a feeling that as long as the first AAA server is functional and returning a response, the second AAA server will not be consulted for authentication.

Thank you,

Joel

Labels:
Preview file
31 KB
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎06-26-2018 11:43 PM

Best Approach - Make a 2 Groups in one AAA (Club AAA 2 in to 1 and make active standby)  and add the users in the Group.

 

Other Options :

AAA Server can send the request to other AAA Server act as a proxy. (this required bit tweaking in config and more complicated than expected)

 

BB

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents