Solved: how do i create acl for ssh radius authentication

lightning668 · ‎12-19-2020

Hi, how do I create ACL to only allow certain routers to access the radius server for aaa authentication with radius server login . i tried implementing

Changi(config)#access-list 100 permit tcp 10.0.0.124 0.0.0.3 10.0.0.96 0.0.0.15 eq 22

but it doesn't seem to allow login with radius server users.

should the destination host be the radius server IP address or the network address of the subnet that consist of the radius server?

Thanks in advance

Georg Pauwen · ‎12-19-2020

Hello,

what RADIUS ports do you have specified ? Most recent RADIUS implementations use:

UDP/1812 --> authentication/authorization
UDP/1813 --> accounting

or, on older implementations:

UDP/1645 --> authentication/authorization
UDP/1646 --> accounting

View solution in original post

Georg Pauwen · ‎12-19-2020

Hello,

what RADIUS ports do you have specified ? Most recent RADIUS implementations use:

UDP/1812 --> authentication/authorization
UDP/1813 --> accounting

or, on older implementations:

UDP/1645 --> authentication/authorization
UDP/1646 --> accounting

marce1000 · ‎12-19-2020

- Try the example (albeit modified for your subnet) , from this link :

https://www.certificationkits.com/cisco-certification/ccna-articles/cisco-ccna-access-lists/configuring-telnet-a-ssh-via-an-acces-list/

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '