Radius with AAA Authentication
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2005 11:33 AM - edited 03-02-2019 10:27 PM
Having an issue with this and was hoping someone could help me out. We setup Radius with the AAA Authentication and everything works fine. So I wanted to make sure that we could still login if the IAS server goes down. Here's my config.
aaa new-model
aaa authentication login default group radius local
aaa authentication login if_needed local
aaa authorization exec default group radius if-authenticated
line vty 0 4
login authentication default
- Labels:
-
Other Networking

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-13-2005 12:44 PM
I have the same setup (Microsoft IAS & AAA IOS clients). I just tried this and it works for me. My config is:
aaa new-model
aaa group server radius Radius-Servers
server 10.1.1.1 auth-port 1812 acct-port 1813
!
aaa authentication login default group Radius-Servers local
aaa authentication enable default group Radius-Servers enable
aaa authentication dot1x default group Radius-Servers
aaa authorization exec default group Radius-Servers if-authenticated
aaa authorization network default group Radius-Servers
aaa accounting dot1x default start-stop group Radius-Servers
aaa accounting exec default start-stop group Radius-Servers
!
radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 key rad-key
!
I also have a user in global config and the enable secret set:
username fallback password cisco
!
It takes a few seconds for the server to time out before it uses the fallback account. Also the enable password prompt is presented twice: once as it tried the Radius server and then again after the timeout.
Andy
