Using radius in switch authentication

u346874_2 · ‎02-06-2008

I have configured aaa command

"aaa authentication login default group radius none" to cisco switch. If i shutdown windows IAS server where i have configure client(cisco switch) i can get in to switch because of that "none" condition. But if our IAS server is up but MS Active directory server is down can i get in to switch in that case.(does that condition "none" still be valid.

Any idea

thanks

Juha

Jagdeep Gambhir · ‎02-06-2008

Juhu,

It will fallback only if there is no respose from IAS or it returns with "error". If IAS do not respond , it will fallback and if IAS responds "user not found" then won't fall back.

In ACS if AD is down then it returns value "user not found" (no fallback)

Regards,

~JG

Do rate helpful posts

u346874_2 · ‎02-06-2008

thanks

One more question.

What do you thing.Is only way to keep access to switch during AD server down using command like "aaa authentication login default group radius none local" and creting local user and password to switch.

juha

Jagdeep Gambhir · ‎02-07-2008

Juhu,

No need to use work "none"

This command will do the needful

aaa authentication login default group radius local

Regards.

~JG

Do rate helpful posts

u346874_2 · ‎02-08-2008

Thanks again.

So if AD is down and i use that "aaa authentication login default group radius local " switch do fallback. That is quiet hard to test because AD server must be up. : )

Or how to make sure that when AD is down i still have access to switch.

Juha