12-11-2011 04:40 PM - edited 03-04-2019 02:35 PM
Can anyone give me an example of an AAA configuration for local database and Active Directory? I've configured it for Active Directory to supply for my VPN clients (which still don't work by the way) and now I can't SSH into my router with either an AD or local account. All I can do right now is hook up a console cable. Any help is appreciated. Thanks!
12-13-2011 10:42 AM
Yeah, I guess they are. But, I think you or someone mentioned that I need to separate the two. I guess for future use I can turn off radius for SSH without affecting VPN. I can even create a separate one for console and SSH. I'm sure some security expert out there would agree to keep them separate for some security reason. Controlled access maybe? Regardless, everything is working great now. Thanks a lot Rick for your help. I think I'm fairly comfortable with AAA now. Next I'm gonna implement it on my switch behind my firewall which should be pretty easy.
Robert
12-13-2011 11:12 AM
Robert
In the early stages of understanding your issues and trying to find solutions I understood that Radius authentication was working for VPN but not working or not satisfactory for SSH. So I suggested creating an alternate named method which would allow authentication for SSH to work differently from authentication for VPN. As we have worked through the issues now it seems that Radius authentication for SSH is working and satisfactory. So it is a good thing to have a primary authentication method and a backup authentication method.
It certainly is possible to keep both methods in the configuration. And doing this may give you some flexibility if requirements should change in the future.
Good luck with your continued learning about AAA.
HTH
Rick
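The separate named method lists discussed in this thread, sketched as an added example in classic IOS syntax (not either poster's actual configuration). The list names, the local username, the server address and the key are placeholders, and it assumes the RADIUS server is the one that fronts Active Directory.

```cisco
! Added example: VPN-AUTH, SSH-AUTH, CON-AUTH, localadmin, 192.0.2.10 and the
! bracketed secrets are placeholders, not values from the thread.
aaa new-model
!
! Local account: the backup for RADIUS and the only method on the console.
username localadmin privilege 15 secret <LOCAL-PASSWORD>
!
! RADIUS server (assumed to authenticate against Active Directory).
! Newer IOS releases replace this command with a "radius server <name>" block.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
! One named list per access path, so each can be changed without touching
! the others. "group radius local" = RADIUS first, local database as backup.
aaa authentication login VPN-AUTH group radius local
aaa authentication login SSH-AUTH group radius local
! Console stays local-only so a AAA mistake cannot lock out the last way in.
aaa authentication login CON-AUTH local
!
line con 0
 login authentication CON-AUTH
line vty 0 4
 login authentication SSH-AUTH
 transport input ssh
!
! VPN-AUTH is referenced from the VPN configuration, which the thread
! does not show.
```

The `local` backup is consulted only when the RADIUS server does not respond; a reject from RADIUS ends the login attempt without falling through to the local database.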