10-20-2008 03:04 PM - edited 03-04-2019 12:00 AM
Can anyone explain, please (line by line if possible)? I figured out that is the only way I can learn @ work. Well, @ least it will make sense when I am looking @ the config. Thanks a lot.
!
aaa group server radius Radius
 server x.x.x.x auth-port xxxx acct-port xxxx
 server x.x.x.x auth-port xxxx acct-port xxxx
!
aaa authentication login Remote group radius enable
!
clock timezone EST -5
clock summer-time EDST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip routing
!
ip name-server x.x.x.x
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface Loopback0
 ip address x.x.x.x 255.255.255.255
!
interface GigabitEthernet0/1
 description GI0/1-xx-xx-GI0/1
 no switchport
 ip address x.x.x.x 255.255.255.128
 no ip redirects
 ip ospf cost 50
 standby 1 ip x.x.x.x
 standby 1 preempt
!
!
router ospf 1
 router-id x.x.x.x
 log-adjacency-changes
 passive-interface GigabitEthernet0/3
 network 0.0.0.0 255.255.255.255 area x.x.x.x
!
ip classless
no ip http server
ip radius source-interface Loopback0
!
logging source-interface Loopback0
logging x.x.x.x
access-list 99 permit x.x.x.x
access-list 99 permit x.x.x.x x.x.x.x
snmp-server community xx RO 99
radius-server host x.x.x.x auth-port xxx acct-port xxx key x.x.x.x
radius-server retransmit 3
!
!
ntp clock-period xxxxx
ntp server x.x.x.x
!
10-21-2008 12:23 PM
Hello ocporbust,
Let's go on this:
aaa group server radius Radius
 server x.x.x.x auth-port xxxx acct-port xxxx
 server x.x.x.x auth-port xxxx acct-port xxxx
!
aaa authentication login Remote group radius enable
The last line, explained in the other post, instructs the router to use an authentication method called Remote that uses the Radius server group that is defined in the lines above and contains two servers: the first is used; if it is not available, the router will contact the second one.
! clock explained in other thread
! usage of first subnet when subnetting
ip subnet-zero
! enable ipv4 routing
ip routing
! define DNS server
ip name-server x.x.x.x
!
! enables STP in mode PVST+
spanning-tree mode pvst
! usage of a modified priority in each Vlan
spanning-tree extend system-id
!
Interface g0/1 is a routed port not a switching port.
standby = HSRP
the ip ospf cost is modified from 1 to 50
an OSPF process is configured
all interfaces are in area x.x.x.x
int gi0/3 cannot build OSPF adjacencies = passive
ip classless
! ip routing will use a default route
! for unknown subnets of net 10/8
Then:
the http server is disabled
packets sent to the radius server(s) use a source = Loop0's ip address
the same for the messages to the syslog
then access-list 99 is defined and used to define the source ip addresses that can send SNMP queries if they use the right community xx but only with read only rights RO.
other radius commands similar to the ones at the beginning
then ntp commands that are used to sync the clock with an external source
Hope to help
Giuseppe
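The management-plane settings explained in the answer above (HTTP server disabled, RADIUS and syslog sourced from Loopback0, an SNMP community limited to RO and to access-list 99, a login method list that starts with RADIUS) can be checked mechanically. The following Python script is an added example, not part of the original thread; the function name `audit`, the sample configuration and its addresses and community strings are constructed for illustration, and it only understands numbered ACLs and the `snmp-server community <string> RO|RW [acl]` form used in the question.

```python
import re

# Constructed sample modeled on the configuration in the question;
# the addresses and community strings are placeholders, not values from the thread.
SAMPLE = """\
aaa authentication login Remote group radius enable
ip http server
ip radius source-interface Loopback0
access-list 99 permit 192.0.2.10
snmp-server community EXAMPLE1 RO 99
snmp-server community EXAMPLE2 RW
snmp-server community EXAMPLE3 RO 98
"""

def audit(config):
    """Return findings for the management-plane lines the answer walks through."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    findings = []
    if "ip http server" in lines:
        findings.append("http server is enabled")
    for prefix in ("ip radius source-interface", "logging source-interface"):
        if not any(l.startswith(prefix + " ") for l in lines):
            findings.append(f"no '{prefix}' set")
    n = 0
    for l in lines:
        # Form used on the page: snmp-server community <string> RO|RW [acl]
        m = re.match(r"snmp-server community \S+ (RO|RW)(?: (\S+))?$", l, re.I)
        if m:
            n += 1  # report by position so the community string never reaches the output
            mode, acl = m.group(1).upper(), m.group(2)
            if mode == "RW":
                findings.append(f"snmp community #{n}: read-write access")
            if acl is None:
                findings.append(f"snmp community #{n}: no access-list restricts sources")
            elif acl not in acls:
                findings.append(f"snmp community #{n}: access-list {acl} is not defined")
        m = re.match(r"aaa authentication login (\S+) (.+)$", l)
        # A list that is only "group radius" has nothing to fall back to (e.g. enable)
        if m and m.group(2).split() == ["group", "radius"]:
            findings.append(f"login list {m.group(1)}: no fallback method after RADIUS")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A configuration shaped like the one in the question (HTTP server off, both source-interface lines present, one RO community bound to a defined access-list 99) produces no findings.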
10-23-2008 08:48 AM
Giuseppe
Thanks for taking the time to explain this. I am a slow learner, but this helps a lot. Thanks