Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1919
Views
0
Helpful
4
Replies

Radius authentication for privileged access

love4u.pratik
Level 1
Level 1

‎09-23-2010 03:19 AM - edited ‎03-06-2019 01:08 PM

Hello,

          I have configured Cisco 6513 for radius authentication with following commands.

aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911

line vty 0 4

accounting exec acctradius
login authentication authradius

     This is working pretty fine. I want to configure radius authentication for priviledged access / for enable access.

     I am using TeKRadius as Radius server.

     Please help.

Thanks and Regards,

Pratik

Labels:
0 Helpful
4 Replies 4

NickNac79
Level 1
Level 1

‎09-23-2010 03:30 AM

Hi Pratik,

Try adding:

aaa authentication enable default group radius enable

Nick

0 Helpful

love4u.pratik
Level 1
Level 1
In response to NickNac79

‎09-23-2010 03:47 AM

Hi Nick,

          I tried that but its not working....

         

          It asks username password during login and then when I enter enable it asks for simply password, and any of the password will not work, not even the enable password or the radius password. Then i have to shutdown the radius server service to get the privileged access of the switch.

Regards,

Pratik

0 Helpful

NickNac79
Level 1
Level 1
In response to love4u.pratik

‎09-23-2010 04:04 AM

Hi Pratik

Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.

You'll need to make some specific changes to your RADIUS config so that nominated users ( the ones you want to be able to go to enable mode ) get put straight into enable mode upon login.

There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS radius server - you should be able to figure out that changes you need to make to your own server from there.

Nick

Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.

0 Helpful

kaplanyasin
Level 1
Level 1

‎07-10-2014 12:47 AM

Please see http://forums.tekradius.com/topic455-add-privilege-for-users.aspx

Best regards,

Yasin KAPLAN - http://www.kaplansoft.com/

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card