
New Member

IAS for RAS and Router Admin

We have the following:

Cisco VPN3005 Concentrator

Cisco 1700 Series Routers

MS IAS and RRAS Server (Win2000 A/D)

We are successfully controlling remote access via dialup and Cisco VPN using IAS.

Now we would like to authenticate our Router administration using IAS. I can get it to work, but because IAS Policies are not tied to specific devices I cannot come up with a set of policies that allows only Cisco Admins to access routers.

Any remote access user can get to my router, although not enable mode. I certainly am not comfortable with this.

Has anyone done this before, and do you mind sharing how you did it?

Thanks in advance for any comments or suggestions!

1 REPLY
Silver

Re: IAS for RAS and Router Admin

You have to configure the following on the device:

! AAA must be enabled before the aaa commands below are accepted
aaa new-model
!
aaa group server radius loginradius
 server 10.10.10.1
!
radius-server host 10.10.10.1 auth-port 1645 acct-port 1646
radius-server key cisco
!
! RADIUS is tried first; the local user / enable secret is used if the server does not respond
aaa authentication login default group loginradius local
aaa authentication enable default group loginradius enable
aaa authorization exec default local
aaa authorization commands 15 default local
aaa authorization network default local
!
enable secret xxxx
!
username cisco privilege 15 password xxxxx
!
line vty 0 4
 ! Only the "default" method lists are defined above, so the vty lines reference those
 login authentication default
 authorization exec default

And you need to configure the telnet authentication on RADIUS in the IAS server.
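Added example, not part of the original reply: a small Python check that every AAA method list referenced under a `line` block is actually defined by a global `aaa authentication login` or `aaa authorization exec` command. It assumes `show running-config` style input with indented sub-commands; the sample config and the list name `ADMINS` are constructed for illustration.

```python
import re

# Constructed sample config (not from the original post): the vty line
# references a list name, "ADMINS", that no aaa command defines.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius loginradius
 server 10.10.10.1
aaa authentication login default group loginradius local
aaa authorization exec default local
line con 0
 login authentication default
line vty 0 4
 login authentication ADMINS
 authorization exec default
"""

# Global definitions: "aaa authentication login <list> ..." and
# "aaa authorization exec <list> ...".
DEFINE = re.compile(r"^aaa (authentication login|authorization exec) (\S+)")
# Line-level references: "login authentication <list>" and
# "authorization exec <list>".
REFER = re.compile(r"^(login authentication|authorization exec) (\S+)")
KIND = {"login authentication": "authentication login",
        "authorization exec": "authorization exec"}

def undefined_method_lists(config):
    """Return (line, kind, list_name) for each reference to an undefined list."""
    defined, refs, current_line = set(), [], None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue                         # blank line or comment/separator
        if not raw[0].isspace():             # top-level command
            current_line = text if text.startswith("line ") else None
            m = DEFINE.match(text)
            if m:
                defined.add((m.group(1), m.group(2)))
        elif current_line:                   # sub-command of a "line" block
            m = REFER.match(text)
            if m:
                refs.append((current_line, KIND[m.group(1)], m.group(2)))
    return [r for r in refs if (r[1], r[2]) not in defined]

if __name__ == "__main__":
    for line, kind, name in undefined_method_lists(SAMPLE_CONFIG):
        print(f"{line}: {kind} list '{name}' is not defined")
```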
