04-26-2018 05:01 AM - edited 03-01-2019 06:33 PM
Hi
I have included the given line in my EEM script:
event manager session cli username "USER"
The "USER" is an AAA user authenticated via ACS. The fallback method for radius is local.
My question is how the authentication will work in case the router loses contact with ACS. If it falls back to local authentication, then do I need to add the local username also in the EEM script or not?
04-26-2018 09:07 AM
EEM does not do anything with authentication. It only uses the session username for authorization. If you don't have command authz configured, then you don't need to configure this user.
If you do have command authz configured, and you have a fallback to local, then you will need to configure this same user locally on the device with the appropriate authz config.
04-27-2018 02:49 AM
Hi Joe
Thanks for the reply.
I have another doubt. I have configured an "enable secret" password too. Does that have any effect on EEM script execution, because as per the script we do enter the "enable" command in it?
Thanks
04-27-2018 07:05 AM
Again, EEM does not do anything with authentication. You will never need to provide a password in your policies unless you're interacting with a remote device.
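The configuration the replies describe, as an added example that is not part of the original thread: command authorization with a fallback to local, and the EEM session user also defined locally so the applet's CLI actions are still authorized when ACS is unreachable. It assumes ACS is reached over TACACS+ for command authorization; the applet name, its commands and the secret are placeholders.

```cisco
! Added example, not from the thread. Method list, applet name and secret are assumptions.
aaa new-model
!
! Command authorization: ask the AAA server group first, fall back to the
! local user database only when the servers do not respond.
aaa authorization commands 15 default group tacacs+ local
!
! Local copy of the EEM session user. It is consulted only on fallback, and
! must carry the privilege needed for the commands the applet runs.
username USER privilege 15 secret <PLACEHOLDER-SECRET>
!
! EEM presents this username for authorization of its CLI actions.
! No password appears here or in the applet: EEM does not authenticate.
event manager session cli username "USER"
!
event manager applet EXAMPLE-APPLET
 event none
 ! "enable" is issued without a password, even with "enable secret" configured.
 action 1.0 cli command "enable"
 action 2.0 cli command "show ip interface brief"
 action 3.0 syslog msg "EXAMPLE-APPLET completed"
```

If the local user is missing, an applet's CLI actions can fail authorization during an ACS outage even though the same applet works while ACS is reachable.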