AAA Authentication query

noelf
Level 1

Hi,

Anybody know if it's possible to have "login" and "network" users authenticating against 2 different RADIUS servers on a router? i.e. sys admins auth against RADIUS server 1 for logging in and ppp/network users auth against RADIUS server 2. How is this achieved?

2 Replies

umedryk
Level 5

As far as my knowledge goes, this is not possible.

Richard Burts
Hall of Fame

If I understand your question correctly, I am doing that on several routers with TACACS, and it looks in the documentation like the same thing would work for RADIUS.

The key concept is server groups in AAA. I define one group for admin login and point it at one server. I define a second group for network/ppp (user) and point it at another server. In AAA I define a special authentication method for admin and link it to the admin server group. I define the default authentication for login and link it to the user server group. On the vty ports I link them to the admin login method.

Key parts of the config:

    aaa group server tacacs+ admin_TAC
     server 192.168.1.1
    !
    aaa group server tacacs+ user_TAC
     server 192.168.2.1
    aaa authentication login default group user_TAC
    aaa authentication login admin group admin_TAC line
    aaa authentication ppp default if-needed group user_TAC
    line vty 0 4
     login authentication admin

HTH

Rick
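
To check which servers each line and PPP would actually query under the server-group scheme described in the reply above, here is an added example (not part of the original thread and not Cisco code): a small Python audit run over a constructed config made of the reply's fragment plus a `line con 0` entry, which is an assumption added here. The function names are hypothetical.

```python
# Constructed input: the reply's fragment plus a console line (an assumption).
SAMPLE_CONFIG = """\
aaa group server tacacs+ admin_TAC
 server 192.168.1.1
aaa group server tacacs+ user_TAC
 server 192.168.2.1
aaa authentication login default group user_TAC
aaa authentication login admin group admin_TAC line
aaa authentication ppp default if-needed group user_TAC
line con 0
line vty 0 4
 login authentication admin
"""

def parse(config):
    """Return (server groups, authentication method lists, line -> login list)."""
    groups, methods, lines = {}, {}, {}
    group = line = None
    for raw in filter(str.strip, config.splitlines()):   # skip blank lines
        w = raw.split()
        if not raw[0].isspace():            # top-level command leaves any sub-mode
            group = line = None
            if w[:3] == ["aaa", "group", "server"] and len(w) == 5:
                group = groups.setdefault(w[4], [])
            elif w[:2] == ["aaa", "authentication"] and len(w) > 4:
                methods[(w[2], w[3])] = w[4:]
            elif w[0] == "line":
                line = " ".join(w[1:])
                lines[line] = "default"     # no explicit list: the default list applies
        elif group is not None and w[0] == "server" and len(w) > 1:
            group.append(w[1])
        elif line is not None and w[:2] == ["login", "authentication"] and len(w) > 2:
            lines[line] = w[2]
    return groups, methods, lines

def servers_for(method, groups):  # servers behind each "group <name>" entry
    return [s for i, tok in enumerate(method[:-1]) if tok == "group"
            for s in groups.get(method[i + 1], [])]

def audit(config):
    """Servers queried for login on each line, and for PPP's default list."""
    groups, methods, lines = parse(config)
    result = {name: servers_for(methods.get(("login", lst), []), groups)
              for name, lst in lines.items()}
    result["ppp"] = servers_for(methods.get(("ppp", "default"), []), groups)
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the sample, the vty lines resolve to the admin server, while the console line, which names no method list, falls through to the default list and so authenticates against the user server.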