Radius Authentication on Cisco Switches

thejayman

Aug 15, 2007, 11:00:56 AM
Hi All,
Sorry if this is posted in the wrong group. I am trying to set up
RADIUS authentication to my Cisco switches via a Windows IAS 2003
server.

After reading the Cisco docs I have come up with this config for the
switches.

aaa new-model
aaa authentication login default group radius local none
aaa authentication enable default group radius none
aaa authorization exec default group radius local if-authenticated
aaa authorization commands 0 default group radius none
aaa authorization commands 1 default group radius none
aaa authorization commands 15 default group radius none
aaa accounting exec default start-stop group radius
aaa accounting commands 15 default stop-only group radius
aaa accounting network default stop-only group radius
aaa accounting connection default stop-only group radius
aaa accounting system default stop-only group radius
!
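! RADIUS server definition: the "group radius" method lists above need radius-server, not tacacs-server
radius-server host x.x.x.x
radius-server directed-request
radius-server key XXXXXXXXXX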

What I do not understand is how do I get users to log on and only get
level 0, 1 and 15. I assume I have to create new groups on the Windows
AD side but how does this match the config above?
Sorry if I appear a bit dumb
J

Scooby

Aug 15, 2007, 11:26:17 AM
Your RADIUS server needs to set the privilege level. You can do this by
groups. Here is a great document for using IAS as a RADIUS server with
Cisco equipment:

http://www.giac.org/certified_professionals/practicals/gcwn/0224.php

Hope that helps,

Jim


"thejayman" <jason....@derwent.co.uk> wrote in message
news:1187190056....@19g2000hsx.googlegroups.com...
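
One way the RADIUS server can set the privilege level by group, shown as an added example that is not part of the original thread: each policy matched on a Windows group returns Cisco's cisco-avpair vendor-specific attribute carrying shell:priv-lvl=N, which the switch applies through its aaa authorization exec ... group radius line. The group names and the policy order below are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865)
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # Cisco vendor type 1: cisco-avpair string

# Hypothetical AD groups (assumption), ordered like an IAS policy list:
# the first policy that matches wins, so the most privileged group is first.
POLICIES = [("Net-Admins", 15), ("Net-Operators", 1), ("Net-Guests", 0)]

def priv_for_groups(groups):
    """Level from the first matching policy; None means no policy matches."""
    for group, level in POLICIES:
        if group in groups:
            return level
    return None

def encode_priv_vsa(level):
    """Build the Vendor-Specific attribute carrying shell:priv-lvl=<level>."""
    if not 0 <= level <= 15:
        raise ValueError("IOS privilege levels are 0-15")
    avpair = f"shell:priv-lvl={level}".encode("ascii")
    vendor_part = struct.pack("!BB", CISCO_AVPAIR, len(avpair) + 2) + avpair
    body = struct.pack("!I", CISCO_VENDOR_ID) + vendor_part
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def decode_priv_level(attrs):
    """Walk raw Access-Accept attributes; return the priv-lvl found, or None."""
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        atype, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
            text = value[6:4 + vlen].decode("ascii", "replace")
            if text.startswith("shell:priv-lvl="):
                return int(text.split("=", 1)[1])
    return None

if __name__ == "__main__":
    # Constructed sample: a Service-Type attribute followed by the Cisco VSA.
    service_type = bytes([6, 6, 0, 0, 0, 6])
    reply = service_type + encode_priv_vsa(priv_for_groups(["Net-Operators"]))
    print(reply.hex(), "->", decode_priv_level(reply))
```

A user in none of the listed groups gets no level here, which corresponds to the server rejecting the logon rather than defaulting to a privilege.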

thejayman

Aug 17, 2007, 10:56:33 AM
Great doc.
Thanks for your help.
J
