Radius authentication for privileged access

Unanswered Question
Sep 23rd, 2010

Hello,


I have configured a Cisco 6513 for RADIUS authentication with the following commands.


aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911

line vty 0 4
 accounting exec acctradius
 login authentication authradius


This is working pretty fine. I want to configure RADIUS authentication for privileged access / for enable access.

I am using TeKRadius as the RADIUS server.


Please help.


Thanks and Regards,

Pratik

NickNac79 Thu, 09/23/2010 - 03:30

Hi Pratik,


Try adding:


aaa authentication enable default group radius enable


Nick

love4u.pratik Thu, 09/23/2010 - 03:47

Hi Nick,


I tried that but it's not working....

It asks for username and password during login, and then when I enter enable it asks simply for a password, and none of the passwords work, not even the enable password or the RADIUS password. Then I have to shut down the RADIUS server service to get privileged access to the switch.


Regards,

Pratik

NickNac79 Thu, 09/23/2010 - 04:04

Hi Pratik


Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.


You'll need to make some specific changes to your RADIUS config so that nominated users (the ones you want to be able to go to enable mode) get put straight into enable mode upon login.


There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS RADIUS server - you should be able to figure out the changes you need to make to your own server from there.


Nick




Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.
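
The approach described in the reply above, sketched as IOS configuration (an added example, not from the thread or the linked guide): exec authorization lets the RADIUS server hand back a privilege level at login. The list name authzradius is hypothetical, and the reply attribute shown in the comments is an assumption about what the RADIUS server is set up to return.

```cisco
! Added example. The list name "authzradius" is hypothetical; "authradius"
! and "acctradius" are the method lists from the original post.
aaa new-model
aaa authentication login authradius group radius line
!
! Exec authorization: after a successful login, apply the attributes the
! RADIUS server returned in its Access-Accept. "if-authenticated" lets an
! already authenticated user through when the RADIUS server does not respond.
aaa authorization exec authzradius group radius if-authenticated
!
! Optional: check the "enable" password against RADIUS as well.
! IOS sends this request with the user name $enab15$, so a user with that
! name must exist on the RADIUS server; the login user's own password is
! not tried. The local enable password is used only when the server does
! not answer, not when it rejects the request.
aaa authentication enable default group radius enable
!
line vty 0 4
 accounting exec acctradius
 login authentication authradius
 authorization exec authzradius
!
! RADIUS server side (assumption: the server can return Cisco
! vendor-specific attributes). Reply attribute for each user who should
! land directly in enable mode:
!   Cisco-AVPair = "shell:priv-lvl=15"
! Users without it start at the line's default privilege level.
```

Keep an existing privileged session open while testing, so a mistake in the method lists does not lock out vty access.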
