cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
452
Views
0
Helpful
1
Replies

Radius with AAA Authentication

jobegates
Level 1
Level 1

Having an issue with this and was hoping someone could help me out. We setup Radius with the AAA Authentication and everything works fine. So I wanted to make sure that we could still login if the IAS server goes down. Here's my config.

aaa new-model

aaa authentication login default group radius local

aaa authentication login if_needed local

aaa authorization exec default group radius if-authenticated

line vty 0 4

login authentication default

1 Reply 1

I have the same setup (Microsoft IAS & AAA IOS clients). I just tried this and it works for me. My config is:

aaa new-model

aaa group server radius Radius-Servers

server 10.1.1.1 auth-port 1812 acct-port 1813

!

aaa authentication login default group Radius-Servers local

aaa authentication enable default group Radius-Servers enable

aaa authentication dot1x default group Radius-Servers

aaa authorization exec default group Radius-Servers if-authenticated

aaa authorization network default group Radius-Servers

aaa accounting dot1x default start-stop group Radius-Servers

aaa accounting exec default start-stop group Radius-Servers

!

radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 key rad-key

!

I also have a user in global config and the enable secret set:

username fallback password cisco

!

It takes a few seconds for the server to time out before it uses the fallback account. Also the enable password prompt is presented twice: once as it tried the Radius server and then again after the timeout.

Andy