Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RADIUS authentication

0 views
Skip to first unread message

Fatman Superstar

unread,
Jan 8, 2004, 10:26:23 AM1/8/04
to
Hello All,

We have a variety of Cisco kit in our lab which also hosts a Win2000 AD
domain.

Rather than using local enable passwords for the devices which we give out
to certain people, I would like to be able to tie in AD permissions to cisco
boxes using RADIUS.

We have an IAS server which support RADIUS. However I have come accross the
usual problems, is there any examples I can experiment with or documentation
on this. The majority of items I find relate to MAC or VPN. Can what I am
attempting be acheived?

Many Thanks

Fat


Scooby

unread,
Jan 8, 2004, 8:35:00 PM1/8/04
to
"Fatman Superstar" <fatman.s...@blueyonder.co.uk> wrote in message
news:zEeLb.9842$ew4.10...@news-text.cableinet.net...

Yes, in deed. This is doable and works well. Here is a good doc to get you
started. Let me know if you run in to any problems with it.

http://www.giac.org/practical/GCWN/Damon_Martin.pdf

Just an extra hint... They list the local login second and only if the
radius is not available. That has its benefits, but I prefer the local
login not to have to wait on the timeout from radius. So, my aaa line looks
like this:

aaa authentication login default local group radius
aaa authorization exec default local group radius if-authenticated

Hope that helps,

Jim

Fatman Superstar

unread,
Jan 9, 2004, 11:59:00 AM1/9/04
to
Great stuff!!! Cheers


"Scooby" <mmsc...@removeme.earthlink.net> wrote in message
news:qznLb.82$rj...@fe01.usenetserver.com...

0 new messages