Cisco Support Community
ASA Radius configuration

I'm trying to configure an ASA to use ASA for authentication.

I've done this before on normal IOS devices fine. But the ASAs are confusing me.

All the documentation/examples I've seen have the lines:

aaa-server my-radius-group protocol radius
aaa-server my-radius-group host 1.2.3.4
 timeout 3
 key "password"
 authentication-port 1812
 accounting-port 1813
 radius-common-pw "password"

I'm assuming the "radius-common-pw" is the Radius shared secret.

What I don't understand is: What's this "key" parameter? The IOS help just says it's the password to authenticate the NAS to the AAA server. But in Radius, that's what the shared secret does (partially).

Can anyone explain the difference between "key" & "radius-common-pw"?

Thanks,

GTG

Accepted Solutions

ASA Radius configuration

The name is the recipe.

radius-common-pw

To specify a common password to be used for all users who are accessing this RADIUS authorization server through this security appliance, use the radius-common-pw command in AAA-server host mode.

key is specific to a client (i.e. client is a device) you create on the Radius server.

Hope that answers your question

thanks

Rizwan Rafeek

2 REPLIES

New Member

Common Password—Enter the common password for the group. The password is case-sensitive. The field displays only asterisks. If you are defining a RADIUS server to be used for authentication rather than authorization, do not provide a common password.

A RADIUS authorization server requires a password and username for each connecting user. You enter the password here. The RADIUS authorization server administrator must configure the RADIUS server to associate this password with each user via this security appliance. Be sure to provide this information to your RADIUS server administrator. Enter a common password for all users who are accessing this RADIUS authorization server through this security appliance.

If you leave this field blank, each user password will be the username. As a security precaution never use a RADIUS authorization server for authentication. Using common passwords or usernames as passwords is much less secure than using a strong password for each user.
