We have around 60 Cisco switches that we use RADIUS authentication and authorization on (we will be moving to TACACS+ in the next few months). It works great as long as the trunk back to the main network is up; if the trunk fails for any reason I can only log in with user-level privilege, no exec level. This happens on all VTYs and the console. Also, on the console, regardless of whether the trunk is up, I can only log in with user level. I'm sure it has to do with using the "default" AAA list. However, I cannot figure out how to create a named list.
The switch models vary from 2960s to 3750Es. Here is an example of the config of one of the 2960s that I'm currently configuring:
When you create a method list, instead of the "default" keyword you specify a name for the list. The difference between the default and the named list is that the default list is automatically applied on all the interfaces, but the named list has to be specifically applied on the vty lines and the console.
If you would like to create a named list for authentication and authorization, please remove the existing commands and try the ones below:
- aaa authentication login rad_authentication group rad_admin local
- aaa authorization exec rad_authorization group rad_admin local
Now as I mentioned previously, go to the line vty and type the following:
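As an added illustration (not part of the answer above), here is a complete IOS configuration that puts the two named lists on both the console and the vty lines, with a local privilege-15 account as the fallback when no RADIUS server answers. The server address, shared secret and account name are placeholders, and the older `radius-server host` syntax is assumed so it applies to the 2960 and 3750E platforms mentioned.

```text
aaa new-model
!
! RADIUS server(s) in the rad_admin group (address and key are placeholders)
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
aaa group server radius rad_admin
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! Local fallback account; give it privilege 15 so exec authorization via
! the "local" method still yields enable-level access when RADIUS is unreachable
username admin privilege 15 secret <strong-password>
!
! Named method lists: RADIUS first, local database only if no server responds
aaa authentication login rad_authentication group rad_admin local
aaa authorization exec rad_authorization group rad_admin local
!
! Exec authorization is skipped on the console unless this is enabled
aaa authorization console
!
line con 0
 login authentication rad_authentication
 authorization exec rad_authorization
!
line vty 0 15
 login authentication rad_authentication
 authorization exec rad_authorization
```

For RADIUS-authenticated users to land in privileged EXEC, the RADIUS server must also return the Cisco AV-pair `shell:priv-lvl=15` in its Access-Accept; otherwise exec authorization succeeds but drops the session at privilege 1.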