Radius with AAA Authentication

jobegates · ‎04-13-2005

Having an issue with this and was hoping someone could help me out. We setup Radius with the AAA Authentication and everything works fine. So I wanted to make sure that we could still login if the IAS server goes down. Here's my config.

aaa new-model

aaa authentication login default group radius local

aaa authentication login if_needed local

aaa authorization exec default group radius if-authenticated

line vty 0 4

login authentication default

andrew.butterworth · ‎04-13-2005

I have the same setup (Microsoft IAS & AAA IOS clients). I just tried this and it works for me. My config is:

aaa new-model

aaa group server radius Radius-Servers

server 10.1.1.1 auth-port 1812 acct-port 1813

!

aaa authentication login default group Radius-Servers local

aaa authentication enable default group Radius-Servers enable

aaa authentication dot1x default group Radius-Servers

aaa authorization exec default group Radius-Servers if-authenticated

aaa authorization network default group Radius-Servers

aaa accounting dot1x default start-stop group Radius-Servers

aaa accounting exec default start-stop group Radius-Servers

!

radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 key rad-key

!

I also have a user in global config and the enable secret set:

username fallback password cisco

!

It takes a few seconds for the server to time out before it uses the fallback account. Also the enable password prompt is presented twice: once as it tried the Radius server and then again after the timeout.

Andy

Radius with AAA Authentication

Is MSCHAP possible with aaa radius authentication?

AAA Authentication

ASA： aaa authorization exec authentication-server auto-enable 機能

ASR9k aaa Radius authentication issues

【TAC分享】使用Test AAA命令检验WLC与Radius server连通性