How do I create an ACL for SSH RADIUS authentication

lightning668
Level 1

Hi, how do I create an ACL to only allow certain routers to access the RADIUS server for AAA authentication with RADIUS server login? I tried implementing

Changi(config)#access-list 100 permit tcp 10.0.0.124 0.0.0.3 10.0.0.96 0.0.0.15 eq 22

but it doesn't seem to allow login with radius server users.

 

Should the destination host be the RADIUS server IP address or the network address of the subnet that consists of the RADIUS server?

 

Thanks in advance

Accepted Solutions

Hello,

 

What RADIUS ports do you have specified? Most recent RADIUS implementations use:

 

UDP/1812 --> authentication/authorization
UDP/1813 --> accounting

 

or, on older implementations:


UDP/1645 --> authentication/authorization
UDP/1646 --> accounting

Mark Elsen
Hall of Fame

 

- Try the example (albeit modified for your subnet) from this link:

https://www.certificationkits.com/cisco-certification/ccna-articles/cisco-ccna-access-lists/configuring-telnet-a-ssh-via-an-acces-list/

M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Rainer Maria Rilke (1899)
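
The ACL line from the question beside an ACL that matches the RADIUS ports listed in the accepted solution, as an added example that is not part of the original thread. The server address 10.0.0.100 and the list name RADIUS-CLIENTS are hypothetical. The list is assumed to be applied in the direction routers-to-server, so the server's replies are not filtered by it.

```cisco
! Added example, not from the thread. 10.0.0.100 is a hypothetical RADIUS
! server address inside 10.0.0.96/28; RADIUS-CLIENTS is a hypothetical name.
!
! Line from the question: it matches SSH (TCP/22) only, so RADIUS packets
! (UDP) are never matched by it.
!   access-list 100 permit tcp 10.0.0.124 0.0.0.3 10.0.0.96 0.0.0.15 eq 22
!
ip access-list extended RADIUS-CLIENTS
 remark Routers in 10.0.0.124/30 to RADIUS authentication/authorization
 permit udp 10.0.0.124 0.0.0.3 host 10.0.0.100 eq 1812
 remark Routers in 10.0.0.124/30 to RADIUS accounting
 permit udp 10.0.0.124 0.0.0.3 host 10.0.0.100 eq 1813
 remark Keep the next two lines only if the server uses the older ports
 permit udp 10.0.0.124 0.0.0.3 host 10.0.0.100 eq 1645
 permit udp 10.0.0.124 0.0.0.3 host 10.0.0.100 eq 1646
 remark Everything else addressed to the RADIUS server is dropped and logged
 deny ip any host 10.0.0.100 log
 remark Assumption: unrelated traffic on this interface stays allowed
 permit ip any any
```

Using `host` pins the destination to the single server address; a subnet with a wildcard mask also matches, but it admits every address in that range.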