Radius authentication for privileged access

Sep 23rd, 2010

Hello,

I have configured a Cisco 6513 for RADIUS authentication with the following commands.

aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911

line vty 0 4
 accounting exec acctradius
 login authentication authradius

This is working pretty fine. I want to configure RADIUS authentication for privileged access / for enable access.

I am using TeKRadius as the RADIUS server.

Please help.

Thanks and Regards,

Pratik

NickNac79 Thu, 09/23/2010 - 03:30

Hi Pratik,

Try adding:

aaa authentication enable default group radius enable

Nick

love4u.pratik Thu, 09/23/2010 - 03:47

Hi Nick,

I tried that but it's not working....

It asks for username and password during login, and then when I enter enable it simply asks for a password, and none of the passwords work, not even the enable password or the RADIUS password. Then I have to shut down the RADIUS server service to get privileged access to the switch.

Regards,

Pratik

NickNac79 Thu, 09/23/2010 - 04:04

Hi Pratik

Sorry, I mostly use only TACACS+ for AAA as it provides better granularity of access controls.

You'll need to make some specific changes to your RADIUS config so that nominated users (the ones you want to be able to go to enable mode) get put straight into enable mode upon login.

There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS RADIUS server - you should be able to figure out what changes you need to make to your own server from there.

Nick

Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.
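
The approach in the last reply depends on the RADIUS server returning a privilege level in its Access-Accept. As an added example (not from the thread or the linked guide), this Python code verifies a captured reply against the shared secret and reports whether it carries the Cisco AV-pair shell:priv-lvl. The secret, request authenticator and packet below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

CISCO = 9              # IANA enterprise number for Cisco
VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific attribute
ACCESS_ACCEPT = 2      # RFC 2865 packet code

def cisco_avpair(text):
    """Encode a cisco-avpair (vendor type 1) as a Vendor-Specific attribute."""
    sub = bytes([1, len(text) + 2]) + text.encode()
    body = struct.pack("!I", CISCO) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def build_reply(code, ident, request_auth, secret, attrs=b""):
    """Build a reply with the RFC 2865 Response Authenticator (MD5)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs

def granted_priv_lvl(packet, request_auth, secret):
    """Return shell:priv-lvl from a verified Access-Accept, else None."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad packet length")
    attrs = packet[20:]
    want = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch?)")
    if packet[0] != ACCESS_ACCEPT:
        return None
    pos = 0
    while pos + 2 <= len(attrs):
        kind, size = attrs[pos], attrs[pos + 1]
        if size < 2 or pos + size > len(attrs):
            raise ValueError("malformed attribute")
        value = attrs[pos + 2:pos + size]
        pos += size
        if kind != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        text = value[6:4 + vlen].decode("ascii", "replace")
        if vendor == CISCO and vtype == 1 and text.startswith("shell:priv-lvl="):
            return int(text.split("=", 1)[1])
    return None

# Constructed sample values, not taken from the thread.
SECRET = b"example-secret"
REQ_AUTH = bytes(range(16))
ACCEPT_PRIV15 = build_reply(2, 7, REQ_AUTH, SECRET, cisco_avpair("shell:priv-lvl=15"))
```

An Access-Accept without the AV-pair returns None here, which corresponds to a login that lands in user mode. IOS only acts on the attribute when exec authorization via RADIUS is configured for the line.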
