Using radius in switch authentication

Feb 6th, 2008

I have configured the AAA command

"aaa authentication login default group radius none" on a Cisco switch. If I shut down the Windows IAS server where I have configured the client (Cisco switch), I can get in to the switch because of that "none" condition. But if our IAS server is up but the MS Active Directory server is down, can I get in to the switch in that case? (Is that "none" condition still valid?)


Any idea?

thanks

Juha

Jagdeep Gambhir Wed, 02/06/2008 - 05:37

Juha,

It will fall back only if there is no response from IAS or it returns with "error". If IAS does not respond, it will fall back, and if IAS responds "user not found" then it won't fall back.


In ACS, if AD is down then it returns the value "user not found" (no fallback).


Regards,

~JG

Do rate helpful posts


u346874_2 Wed, 02/06/2008 - 06:03

thanks


One more question.

What do you think? Is the only way to keep access to the switch while the AD server is down to use a command like "aaa authentication login default group radius none local" and to create a local user and password on the switch?



juha

Jagdeep Gambhir Thu, 02/07/2008 - 06:52

Juha,

No need to use the word "none".


This command will do the needful


aaa authentication login default group radius local


Regards.

~JG


Do rate helpful posts
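
The fallback rule described in the replies above, as an added example that is not part of the thread and not Cisco code: a small Python model in which a login method list moves on to the next method only when the current one gives no answer. The credentials, state names and function names are constructed, and the 'ad_down' rejection follows the reply's statement rather than a measured IAS response.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered and accepted the login
    FAIL = "fail"    # method answered and rejected it (e.g. RADIUS Access-Reject)
    ERROR = "error"  # method gave no usable answer (timeout, server unreachable)

# Constructed sample credentials, not from the thread.
DIRECTORY_USERS = {"juha": "ad-pass"}
LOCAL_USERS = {"admin": "local-secret"}

def radius(state):
    """Stand-in for 'group radius'. state: 'ok', 'server_down' or 'ad_down'."""
    def method(user, password):
        if state == "server_down":
            return Result.ERROR            # no reply reaches the switch
        if state == "ad_down":
            return Result.FAIL             # assumption from the reply: "user not found"
        return Result.PASS if DIRECTORY_USERS.get(user) == password else Result.FAIL
    return method

def local(user, password):
    """Stand-in for 'local': the switch's own username database."""
    return Result.PASS if LOCAL_USERS.get(user) == password else Result.FAIL

def none(user, password):
    """Stand-in for 'none': no authentication, every login succeeds."""
    return Result.PASS

def login(method_list, user, password):
    """Walk the list in order; only ERROR moves on to the next method."""
    for name, method in method_list:
        result = method(user, password)
        if result is not Result.ERROR:
            return name, result            # PASS or FAIL is final
    return None, Result.FAIL               # every method errored

def scenarios():
    out = {}
    for state in ("ok", "server_down", "ad_down"):
        with_none = [("radius", radius(state)), ("none", none)]
        with_local = [("radius", radius(state)), ("local", local)]
        out[state] = {
            "none, wrong password": login(with_none, "anyone", "wrong"),
            "local, admin": login(with_local, "admin", "local-secret"),
            "local, wrong password": login(with_local, "admin", "wrong"),
        }
    return out

if __name__ == "__main__":
    for state, rows in scenarios().items():
        for label, (method, result) in rows.items():
            print(f"{state:12} {label:22} -> {result.value} (decided by {method})")
```

In the 'server_down' rows the list ending in `none` admits a login with a wrong password, while the list ending in `local` still checks the switch's own user database.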

u346874_2 Fri, 02/08/2008 - 01:48

Thanks again.


So if AD is down and I use that "aaa authentication login default group radius local", the switch does fall back. That is quite hard to test because the AD server must be up. : )


Or how do I make sure that when AD is down I still have access to the switch?

Juha


