How do you use RADIUS authentication to tell which users can logon specific Cisco devices?

Unanswered Question
Jul 6th, 2010

We have some routers that are currently set up for local logon and I want them to use RADIUS authentication like our other Cisco devices.  I want the users that access these routers now to still have access to them but not to the other Cisco devices using RADIUS authentication on the network.  How can I do this?

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Wed, 07/07/2010 - 01:58

We have some routers that are currently set up for local logon and I want them to use RADIUS authentication like our other Cisco devices.  I want the users that access these routers now to still have access to them but not to the other Cisco devices using RADIUS authentication on the network.  How can I do this?

Thanks.

Hi,

Are you doing via ACS if yes you can make restriction under user setting for particular access for certain devices like on port ssh or telnet by mentioning the aaa client ip address to have access or block.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

hippieboy9 Wed, 07/07/2010 - 12:32

We are not using ACS.

Even if I could just enable the routers to allow authentication by RADIUS and local just on these routers that would work but I have not found a way to do that.  It always won't authenticate to local when the RADIUS server is up.

Ganesh Hariharan Thu, 07/08/2010 - 01:58

We are not using ACS.

Even if I could just enable the routers to allow authentication by RADIUS and local just on these routers that would work but I have not found a way to do that.  It always won't authenticate to local when the RADIUS server is up.

Pls share the aaa confguration which you have configured in your router !!

Ganesh.H

hippieboy9 Thu, 07/08/2010 - 06:08

aaa new-model

aaa authentication login default group radius local

aaa authentication login CONSOLE line

aaa authorization exec default group radius if-authenticated

aaa session-id common

Actions

This Discussion