RADIUS & AAA Info

sagittarius
Level 1

Hi,

I want to configure RADIUS authentication for all the Routers.

Which RADIUS server should I use? W2K or UNIX?

There should be only one user ID for each administrator. Using this ID, they should be able to log in to all the routers, but should have different privileges on different routers.

How can I achieve this … is this possible?

Regards

5 Replies

ywadhavk
Cisco Employee

Hi Saggi,

Unix ACS is end-of-sales and soon end-of-support. You should go for the Win2k ACS platform.

The URL below explains how to implement the privilege levels for a particular user.

http://www.cisco.com/en/US/partner/tech/tk583/tk547/technologies_tech_note09186a008009465c.shtml

Thanks,

Yatin

mhoda
Level 5

Hi,

W2K, as suggested by the previous post. You can download the trial version from here -

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval

Also, to address the last part of the question, here is the procedure on ACS -

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/u.htm#186824

And along with other commands, you will need the following lines on the router -

aaa authorization commands 0 default group tacacs+

aaa authorization commands 1 default group tacacs+

aaa authorization commands 15 default group tacacs+

I have installed RADIUS on a W2K machine. Can I configure privileges for different users?

Hi,

You need to have TACACS+ for this.

Please see the info at the URL below:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/u.htm#187076

Thanks,

yatin

If you are doing command authorization, then TACACS+ is required. That was what I was referring to in my last post.

For assigning privilege levels using RADIUS, follow this:

CiscoSecure NT RADIUS

Follow these steps to configure the server.

In the Group Settings for IETF, Service-type (attribute 6) = Nas-Prompt

In the CiscoRADIUS area, check AV-Pair, and in the rectangular box underneath, enter shell:priv-lvl=7.

As an example, priv level 7 is assigned.

Hope this helps,

yatin
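
An added example, not part of the thread or of any Cisco tool: a Python sketch that decodes the two attributes named in the last reply (Service-Type = NAS-Prompt and the Cisco AV-pair `shell:priv-lvl=N`) from the attribute bytes of an Access-Accept, so an administrator can audit which privilege level the RADIUS server actually returns for a router. Attribute numbers are from RFC 2865, Cisco's vendor ID is 9 and its AV-pair sub-type is 1; the function names, the policy check and the sample reply are constructed for illustration.

```python
import struct

SERVICE_TYPE = 6        # RFC 2865 attribute 6
NAS_PROMPT = 7          # RFC 2865 Service-Type value "NAS Prompt"
VENDOR_SPECIFIC = 26    # RFC 2865 attribute 26
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1        # Cisco sub-type 1 carries "key=value" strings


def encode_attrs(priv_lvl):
    """Build the attribute bytes of a constructed Access-Accept (sample input)."""
    service = struct.pack("!BBI", SERVICE_TYPE, 6, NAS_PROMPT)
    avpair = f"shell:priv-lvl={priv_lvl}".encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(avpair)) + avpair
    vsa = struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID)
    return service + vsa + sub


def parse_attrs(data):
    """Return (service_type, priv_lvl); raise ValueError on malformed TLVs."""
    service_type, priv_lvl, pos = None, None, 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        value = data[pos + 2:pos + alen]
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            vtype, vlen = value[4], value[5]
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and 2 <= vlen <= len(value) - 4:
                text = value[6:4 + vlen].decode("ascii", "replace")
                if text.startswith("shell:priv-lvl="):
                    lvl = text.split("=", 1)[1]
                    if not lvl.isdigit() or not 0 <= int(lvl) <= 15:
                        raise ValueError("priv-lvl outside 0-15")
                    priv_lvl = int(lvl)
        pos += alen
    return service_type, priv_lvl


def audit(data, max_allowed):
    """True only if the reply is NAS-Prompt and grants at most max_allowed."""
    service_type, priv_lvl = parse_attrs(data)
    return service_type == NAS_PROMPT and priv_lvl is not None and priv_lvl <= max_allowed
```

Running `audit()` against replies captured per router shows whether the single user ID really receives a different level on each device, and flags any group that hands out more than the intended level.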