Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1672
Views
0
Helpful
1
Replies

config on one NAS two separate authentication server, that each one refer to different interface

admin_2
Level 3
Level 3

‎07-03-2002 01:46 PM - edited ‎02-21-2020 10:01 AM

Is it possible to config on one NAS two separate authentication server that each one refer to different interface ?

Labels:
0 Helpful
1 Reply 1

Not applicable

‎07-03-2002 01:46 PM

To get dialin users on one interface to authenticate on one RADIUS server and users on another interface to authenticate to another:

1) Define all RADIUS servers you want to use (or TACACS if you're using that) with "radius-server host xyz xyzkey".

2) Define the set of RADIUS servers you want to use to authenticate each interface (might be just one server for each in your case) in an aaa server group: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/serv_grp.htm Give them descriptive names, like RegularServerGroup or SpecialServerGroup. Make another aaa server group for the second set of RADIUS servers you want to use for the other interface.

3) Make named aaa authentication (and authorization and accounting if you need them) lists using each group. For example: "aaa authentication ppp RegularUsers group RegularServerGroup", "aaa authentication ppp SpecialUsers group SpecialServerGroup".

4) Apply those named lists to the right interfaces. "interface ABC", "ppp authentication RegularUsers", "interface XYZ", "ppp authentication SpecialUsers". Add ppp authorization and accounting lines if you need them.

0 Helpful
Customers Also Viewed These Support Documents