Using radius in switch authentication

Unanswered Question
Feb 6th, 2008

I have configured the AAA command

"aaa authentication login default group radius none" on a Cisco switch. If I shut down the Windows IAS server where I have configured the client (the Cisco switch), I can get in to the switch because of that "none" condition. But if our IAS server is up but the MS Active Directory server is down, can I get in to the switch in that case? (Is that "none" condition still valid?)

Any idea?

Thanks

Juha

Jagdeep Gambhir Wed, 02/06/2008 - 05:37

Juha,

It will fall back only if there is no response from IAS or it returns with "error". If IAS does not respond, it will fall back, and if IAS responds "user not found" then it won't fall back.

In ACS, if AD is down then it returns the value "user not found" (no fallback).

Regards,

~JG

Do rate helpful posts

u346874_2 Wed, 02/06/2008 - 06:03

Thanks.

One more question.

What do you think? Is the only way to keep access to the switch while the AD server is down to use a command like "aaa authentication login default group radius none local" and to create a local user and password on the switch?

juha

Jagdeep Gambhir Thu, 02/07/2008 - 06:52

Juha,

No need to use the word "none".

This command will do the needful:

aaa authentication login default group radius local

Regards.

~JG

Do rate helpful posts

u346874_2 Fri, 02/08/2008 - 01:48

Thanks again.

So if AD is down and I use that "aaa authentication login default group radius local", the switch does fall back. That is quite hard to test because the AD server must be up. :)

Or how can I make sure that when AD is down I still have access to the switch?

Juha
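
The fallback rule discussed in this thread, as an added example that is not part of any post: a small Python model of a login method list, in which only a non-response or error from RADIUS moves on to the next method and a reject ends the attempt. The function names, the local user and its password are hypothetical, and the handling of "local" is simplified.

```python
"""Model of how a login method list picks the method that decides a login."""

# Constructed local user database (hypothetical credentials).
LOCAL_USERS = {"netadmin": "constructed-secret"}


def run_method(method, radius_reply, user, password):
    """Return 'PASS', 'FAIL' or 'ERROR' for one method in the list.

    radius_reply is None when the RADIUS server never answers (timeout),
    otherwise 'Access-Accept' or 'Access-Reject'.
    """
    if method == "group radius":
        if radius_reply is None:
            return "ERROR"  # no usable answer: the list may continue
        return "PASS" if radius_reply == "Access-Accept" else "FAIL"
    if method == "local":
        # Simplification: a wrong or unknown local credential is a FAIL.
        return "PASS" if LOCAL_USERS.get(user) == password else "FAIL"
    if method == "none":
        return "PASS"  # access granted without any authentication
    raise ValueError(f"unknown method: {method}")


def evaluate(method_list, radius_reply, user, password):
    """Walk the list in order; only ERROR moves on to the next method."""
    for method in method_list:
        result = run_method(method, radius_reply, user, password)
        if result != "ERROR":
            return result == "PASS", method
    return False, None  # every method returned ERROR


if __name__ == "__main__":
    cases = [
        (["group radius", "none"], None, "anyone", "wrong"),
        (["group radius", "none"], "Access-Reject", "anyone", "wrong"),
        (["group radius", "local"], None, "netadmin", "constructed-secret"),
        (["group radius", "local"], "Access-Reject", "netadmin", "constructed-secret"),
        (["group radius", "none", "local"], None, "anyone", "wrong"),
    ]
    for methods, reply, user, password in cases:
        allowed, decided_by = evaluate(methods, reply, user, password)
        print(f"{' '.join(methods):28} reply={reply!s:14} allowed={allowed} by={decided_by}")
```

In the last case "none" decides the login before "local" is ever consulted, so any user is admitted without a password whenever RADIUS does not answer.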

Posted February 6, 2008 at 3:18 AM