×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

config on one NAS two separate authentication server, that each one refer to different interface

Unanswered Question
Jun 26th, 2002
User Badges:
  • Bronze, 100 points or more

Is it possible to config on one NAS two separate authentication server that each one refer to different interface ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Wed, 06/26/2002 - 14:16
User Badges:

To get dialin users on one interface to authenticate on one RADIUS server and users on another interface to authenticate to another:

1) Define all RADIUS servers you want to use (or TACACS if you're using that) with "radius-server host xyz xyzkey".

2) Define the set of RADIUS servers you want to use to authenticate each interface (might be just one server for each in your case) in an aaa server group: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft... Give them descriptive names, like RegularServerGroup or SpecialServerGroup. Make another aaa server group for the second set of RADIUS servers you want to use for the other interface.

3) Make named aaa authentication (and authorization and accounting if you need them) lists using each group. For example: "aaa authentication ppp RegularUsers group RegularServerGroup", "aaa authentication ppp SpecialUsers group SpecialServerGroup".

4) Apply those named lists to the right interfaces. "interface ABC", "ppp authentication RegularUsers", "interface XYZ", "ppp authentication SpecialUsers". Add ppp authorization and accounting lines if you need them.



Actions

This Discussion