02-10-2012 09:52 AM - edited 03-10-2019 06:49 PM
Hi! Is there any way that I can authenticate user login through Microsoft AD/IAS to the Cisco switch/router without using Cisco ACS or any paid solution? Thx
02-10-2012 11:29 AM
Hello,
IOS configuration:
Switch(config)#aaa new-model
Switch(config)#radius-server host 192.168.250.20 key cisco123
Switch(config)#aaa authentication login default group radius local
Switch(config)#aaa authorization exec default group radius local
IAS configuration:
1) Define the RADIUS client entry:
2) Define the IAS Policies:
Click Edit Profile:
Enable all methods under Authentication Tab:
Under Advanced, leave only Service Type with Administrative value:
The AD account needs to have Dial-In Permission as "Allow Access".
If this was helpful please rate.
Regards.
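What the shared key and the Service-Type value from the configuration above do on the wire, as an added example that is not part of the original post: a RADIUS client such as the switch checks the Access-Accept's Response Authenticator (RFC 2865) with the shared key, then reads Service-Type. The function names, the request authenticator and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RADIUS packet code (RFC 2865)
SERVICE_TYPE = 6       # attribute type "Service-Type"
ADMINISTRATIVE = 6     # Service-Type value "Administrative"


def build_accept(ident, request_auth, attrs, secret):
    """Build an Access-Accept the way a RADIUS server does (used for the sample)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def check_accept(packet, request_auth, secret):
    """Return (authentic, service_type) for a received Access-Accept."""
    if len(packet) < 20:
        return False, None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        return False, None
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, None          # wrong shared key or modified packet
    service_type = None
    i = 0
    while i + 2 <= len(attrs):      # walk the type-length-value attributes
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            return False, None      # malformed attribute
        if a_type == SERVICE_TYPE and a_len == 6:
            service_type = struct.unpack("!I", attrs[i + 2:i + 6])[0]
        i += a_len
    return True, service_type


# Constructed sample: key from the post, made-up request authenticator.
SECRET = b"cisco123"
REQ_AUTH = bytes(range(16))
ATTRS = struct.pack("!BBI", SERVICE_TYPE, 6, ADMINISTRATIVE)
SAMPLE = build_accept(1, REQ_AUTH, ATTRS, SECRET)

if __name__ == "__main__":
    print(check_accept(SAMPLE, REQ_AUTH, SECRET))
    print(check_accept(SAMPLE, REQ_AUTH, b"wrong-key"))
```

A key mismatch between the RADIUS client entry in IAS and the `radius-server host ... key` line makes this check fail, so the reply is discarded even though IAS logged a successful authentication.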
02-12-2012 07:01 AM
Hi! What's the difference between this method compared to ACS? I think in ACS you can grant different levels of rights; besides that, any other difference?
Thx.
02-13-2012 07:32 AM
Hello,
With the ACS server you include support for both TACACS+ (Device Management) and RADIUS (Network Access) authentication. With TACACS+ you can configure Command Restriction Sets and assign specific Privilege Levels to the authenticated users.
As RADIUS is meant for Network Access (VPN, Wireless), device management authentication and authorization is limited.
Regards.