Radius authentication config question?

the-lebowski
Level 4

Can anyone tell me what the difference is between adding the "server..." line and not adding it when doing Radius authentication?

aaa new-model
aaa group server radius ADMINS
server 172.23.16.20 auth-port 1645 acct-port 1646

Compared to:

aaa new-model
aaa group server radius ADMINS

2 different switches but RADIUS is working fine on both of them. The second one does not have the "server...." line.


TIA


Giuseppe Larosa
Hall of Fame

Hello Dpatten,

In the first case a group of RADIUS servers is defined with one member, which is defined by the server line.

Multiple members could be defined in the server group using other server ... lines.

This does not forbid the use of the older syntax to define a standalone RADIUS server in global config.

I would expect the second switch to have a RADIUS server defined in global config and to use it for AAA.

In other words, on the second switch an empty group of RADIUS servers is defined.

I would check with

sh run | inc radius

to see this

Otherwise some external entity should provide the IP address of an active RADIUS server, but I'm not aware of this option.

Hope to help

Giuseppe

Giuseppe

Radius servers are defined in the global config on both switches:

radius-server host 172.23.16.20 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxx
radius-server host 172.23.16.22 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxx

So if I don't have any specified in the aaa but do have them specified in the global config it obviously works fine.  If I specifically put them in the aaa group it will use only the ones I specify?

Hello DPatten,

>> Radius servers are defined in the global config on both switches:

As could be expected.

You could refer to the RADIUS server group in AAA method lists instead of using the individual servers.

That's all!

See it as an additional level of abstraction that you can use or not.

You can check by looking at the aaa lines:

sh run | inc aaa

see configuration guide

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_radius.html#wp1001168

section

Configuring AAA Server Groups

Hope to help

Giuseppe
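
An added example, not part of the thread and not Cisco code: a small Python audit of saved running-config text that lists each "aaa group server radius" group with its members, the global "radius-server host" entries, and the groups the AAA method lists reference, so an empty group like ADMINS on the second switch stands out. The sample config is constructed, its "aaa authentication" line is an assumption (the thread never shows the method lists), and audit_radius is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the second switch in the thread: an empty
# ADMINS group plus global radius-server hosts. The "aaa authentication" line
# is an assumption; the thread never shows the method lists.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius ADMINS
!
aaa authentication login default group radius local
radius-server host 172.23.16.20 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxx
radius-server host 172.23.16.22 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxx
"""

GROUP_RE = re.compile(r"aaa group server radius (\S+)")
MEMBER_RE = re.compile(r"server (\d+\.\d+\.\d+\.\d+)")
GLOBAL_RE = re.compile(r"radius-server host (\d+\.\d+\.\d+\.\d+)")
METHOD_RE = re.compile(r"aaa (?:authentication|authorization|accounting) ")


def audit_radius(config):
    """Map server groups, global hosts and the groups the method lists use."""
    groups, global_hosts, referenced = {}, [], set()
    current = None  # group whose "server ..." lines are being collected
    for line in (raw.strip() for raw in config.splitlines()):
        if m := GROUP_RE.match(line):
            current = m.group(1)
            groups[current] = []
        elif (m := MEMBER_RE.match(line)) and current is not None:
            groups[current].append(m.group(1))
        else:
            current = None  # any other line ends the group sub-mode
            if m := GLOBAL_RE.match(line):
                global_hosts.append(m.group(1))
            elif METHOD_RE.match(line):
                referenced.update(re.findall(r"\bgroup (\S+)", line))
    return {
        "groups": groups,
        "global_hosts": global_hosts,
        "referenced": sorted(referenced),
        "empty_groups": sorted(g for g, s in groups.items() if not s),
        "unused_groups": sorted(g for g in groups if g not in referenced),
        "members_not_global": sorted(
            ip for s in groups.values() for ip in s if ip not in global_hosts),
    }


if __name__ == "__main__":
    for key, value in audit_radius(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

On the constructed sample, ADMINS is reported as both empty and unreferenced, while the method list uses the built-in "group radius", which draws on the global radius-server host list.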
