Cisco Support Community
Community Member

AAA Configuration

Hi,

Can anyone help me? I'm trying to implement RADIUS authentication for my Cisco switches and routers. Could anybody give me some configuration examples or a tip on how to point my switches and routers at a RADIUS server, and also to attempt authentication against RADIUS, only using a locally configured account if RADIUS fails?

I have tried the following configuration but I'm not sure if that is correct:

aaa new-model

aaa authentication login default group radius local

aaa accounting network default init-stop group radius

radius-server host 10.132.100.1 auth-port 1812 acct-port 1813 key ciscosecure

radius-server retransmit 3

Thank you,

Fernanda

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: AAA Configuration

Hi Fernanda,

Your configuration seems to be OK.

You can find more info here:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html

Hope it helps. If it does please rate.

Regards,

Rafael Lanna

4 REPLIES
Gold

Re: AAA Configuration

Hi Fernanda

Your configuration looks good.

You only need to apply the authentication list to the specific line (vty, console).

For example:

router(config)#line vty 0 4

router(config-line)#login authentication default

Because you are using a RADIUS server, the server must also be configured properly (router IP, key...).

If you need more info about AAA login configuration, check the following link:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a8.html#wp1001032

M.

Hope that helps; rate if it does.

Hall of Fame Super Gold

Re: AAA Configuration

Milan

Actually when you configure aaa new-model the vty lines automatically default to login authentication default, so specifying it is not required.

Also the given config does authentication for login but not for enable. The original post was a bit ambiguous about whether authentication for enable was required. But I do not remember seeing a real router config that did aaa authentication for login but not for enable. So I would suggest adding to the configuration:

aaa authentication enable default group radius enable

HTH

Rick

Community Member

Re: AAA Configuration

In addition to Rick's comment below, I don't see that you have an "authorization" statement.

You can add the following:

aaa authorization exec default if-authenticated

aaa authorization network default group radius local

HTH,

hieu

pls rate post if helpful.
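The points raised across this thread (RADIUS first with local fallback, enable authentication, exec authorization) can be checked against a saved configuration. The script below is an added example, not part of any post; the function names `has`, `methods` and `audit` are hypothetical and the sample configuration is constructed from the lines quoted in the thread. It also flags a fallback method that has no local credential behind it, since `local` needs a `username` entry and `enable` needs an enable secret to be usable when RADIUS does not respond.

```python
import re

# Constructed sample: the question's AAA lines plus the 'enable' list suggested
# in the replies. It defines no local user, no enable secret and no exec
# authorization, so the audit should report exactly those three gaps.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius enable
radius-server host 10.132.100.1 auth-port 1812 acct-port 1813 key ciscosecure
radius-server retransmit 3
"""

def has(config, pattern):
    """True if any configuration line matches the anchored pattern."""
    return re.search(pattern, config, re.M) is not None

def methods(config, kind):
    """Ordered methods of 'aaa authentication <kind> default', or None."""
    m = re.search(rf"^aaa authentication {kind} default (.+)$", config, re.M)
    return m.group(1).split() if m else None

def audit(config):
    """Return findings for a RADIUS-first, local-fallback AAA setup."""
    findings = []
    if not has(config, r"^aaa new-model\s*$"):
        findings.append("aaa new-model missing")
    login = methods(config, "login")
    if login is None or login[:2] != ["group", "radius"]:
        findings.append("default login list does not try RADIUS first")
    elif "local" not in login[2:]:
        findings.append("login list has no local fallback")
    elif not has(config, r"^username \S+ "):
        findings.append("local fallback configured but no local username")
    enable = methods(config, "enable")
    if enable is None:
        findings.append("enable is not authenticated through AAA")
    elif "enable" in enable and not has(config, r"^enable (secret|password) "):
        findings.append("enable fallback configured but no enable secret")
    if not has(config, r"^aaa authorization exec "):
        findings.append("no exec authorization list")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```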
