Radius and cisco 3550

Unanswered Question
Jul 24th, 2007


i want to insert 20 switch of my network under authentication trought RADIUS SERVER (IAS , windows 2003 server)

ON windows 2003 - IAS

I've create the object with the ip of the switch in the folder "Client RADIUS" and i created the REMOTE Access Policy and in the metodh oh authentication i have selected MD5-challenged.

On my switch, i inserted this command:

aaa new-model

aaa authorization network default group radius none

server-radius host auth 1812 acc 1813

server-radius key cisco

i want exclude the console connection with a radius authentication.

have you a link that explain this?

or can you posted a configuration of switch that have the authentication at the radius?

Thanks for your help


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
simonstoll Tue, 07/24/2007 - 02:28


That should work for you:

aaa new-model

aaa group server radius rad_admin

server auth-port 1812 acct-port 1813

aaa authentication login default group rad_admin

aaa authentication login Console line

aaa authorization exec default group rad_admin

radius-server host auth-port 1812 acct-port 1813 key XXXXXXXXXXXXXXXXX

line con 0


login authentication Console

You have to check wetherever your server works on TCP 1812/1813 or 1645/1646.

With this config you can also login directly to enable mode, if you supply the Radius Atribute

009/001 cisco av-Pair "shell:priv-lvl=15"

Hope that helps (if it does, don't forget to rate)



This Discussion