×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Radius and local authentication

Unanswered Question
Jul 28th, 2014
User Badges:

I am in the process of configuring RADIUS authentication on our network devices. But I also use SolarWinds network configuration manager to manage\back up the device configurations. 

 

I would like to use Radius for when someone needs to access the network devices for any reason and for SolarWinds NCM to use local access (local user name and password) I am trying to find some information online, but no luck so far. I've only been able to find info in regards Radius as primary method and to use local if Radius is not available. 

 

Can you specify to use the local user database for one or two hosts\IP addresses? (SolarWinds servers)  

 

Thanks again, 

 

marramix01

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Danny Morris Mon, 07/28/2014 - 15:21
User Badges:

You could specify a specific VTY port for Solarwinds and leave all of the others for Radius. I would try something like the following:

 

ip ssh port #### rotary 1

 

line vty 5

rotary 1

login local

 

 

Just assign a specific unused port in place of ####. You would then need to configure Solarwinds to use the new port number for this login.

marramix01 Tue, 07/29/2014 - 12:11
User Badges:

Thanks for the replies. I will be testing both solutions, but I think our mgmt would like to have SW to use the local account. 

 

Thanks again. 

 

marramix01

nspasov Tue, 07/29/2014 - 14:01
User Badges:
  • Cisco Employee,
  • Cisco Designated VIP,

    2017 AAA, Identity and NAC Security

No problem! Do some testing and let us know the results :-) 

If/once your issue is resolved please mark the thread as "answered"

 

Thank you for rating helpful posts!

nspasov Tue, 07/29/2014 - 01:23
User Badges:
  • Cisco Employee,
  • Cisco Designated VIP,

    2017 AAA, Identity and NAC Security

In addition to what was suggested by Danny, you could also create a Radius username/password for NCM. This will allow you to:

1. Not have the need to use local db for logins, thus forcing all authentications through radius

2. Change password, username and/or disable/delete the NCM account of needed without having to hit all devices

3. Have audit trail on when that account was used and if it was used for any other means but NCM device backups. 

 

Thank you for rating helpful posts! 

Actions

This Discussion