How do you use RADIUS authentication to tell which users can logon specific Cisco devices?

hippieboy9 · ‎07-06-2010

We have some routers that are currently set up for local logon and I want them to use RADIUS authentication like our other Cisco devices. I want the users that access these routers now to still have access to them but not to the other Cisco devices using RADIUS authentication on the network. How can I do this?

Thanks.

Ganesh Hariharan · ‎07-07-2010

We have some routers that are currently set up for local logon and I want them to use RADIUS authentication like our other Cisco devices. I want the users that access these routers now to still have access to them but not to the other Cisco devices using RADIUS authentication on the network. How can I do this?

Thanks.

Hi,

Are you doing via ACS if yes you can make restriction under user setting for particular access for certain devices like on port ssh or telnet by mentioning the aaa client ip address to have access or block.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

hippieboy9 · ‎07-07-2010

We are not using ACS.

Even if I could just enable the routers to allow authentication by RADIUS and local just on these routers that would work but I have not found a way to do that. It always won't authenticate to local when the RADIUS server is up.

Ganesh Hariharan · ‎07-08-2010

We are not using ACS.

Even if I could just enable the routers to allow authentication by RADIUS and local just on these routers that would work but I have not found a way to do that. It always won't authenticate to local when the RADIUS server is up.

Pls share the aaa confguration which you have configured in your router !!

Ganesh.H

hippieboy9 · ‎07-08-2010

aaa new-model

aaa authentication login default group radius local

aaa authentication login CONSOLE line

aaa authorization exec default group radius if-authenticated

aaa session-id common

hippieboy9 · ‎07-19-2010

Does anyone know how to do this?