New Member

RADIUS & AAA Info

Hi,

I want to configure RADIUS authentication for all the Routers.

Which RADIUS server should I use? W2K or UNIX

There should be only one user ID for each administrator; using this ID they should be able to log in to all the routers, but should have different privileges on different routers.

How can I achieve this … is this possible?

Regards

  • AAA Identity and NAC
5 REPLIES
Cisco Employee

Re: RADIUS & AAA Info

Hi Saggi,

Unix ACS is end-of-sales and soon end-of-support. You should go for the Win2k ACS platform.

The URL below explains how to implement the privilege levels for a particular user.

http://www.cisco.com/en/US/partner/tech/tk583/tk547/technologies_tech_note09186a008009465c.shtml

Thanks,

Yatin

Silver

Re: RADIUS & AAA Info

Hi,

W2K, as suggested by the previous post. You can download the trial version from here -

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-eval

Also, to address the last part of the question, here is the procedure on ACS -

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/u.htm#186824

And along with other commands, you will need the following lines on the router -

aaa authorization commands 0 default group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 15 default group tacacs+

New Member

Re: RADIUS & AAA Info

I have installed RADIUS on a W2K machine. Can I configure privileges for different users?

Cisco Employee

Re: RADIUS & AAA Info

Hi,

You need to have TACACS+ for this.

Please see the info at the URL below

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user/u.htm#187076

Thanks,

yatin

Cisco Employee

Re: RADIUS & AAA Info

If you are doing command authorization, then TACACS+ is required. That was what I was referring to in my last post.

For assigning privilege levels using RADIUS, follow this:

CiscoSecure NT RADIUS

Follow these steps to configure the server.

In the Group Settings for IETF, Service-type (attribute 6) = Nas-Prompt

In the CiscoRADIUS area, check AV-Pair, and in the rectangular box underneath, enter shell:priv-lvl=7.

As an example, priv level 7 is assigned.

Hope this helps,

yatin
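
The two attributes named in the last reply (Service-Type = NAS-Prompt and the Cisco AV-pair shell:priv-lvl=N), shown as they are encoded inside a RADIUS reply and checked against a privilege cap. This is an added example, not part of the thread or of any Cisco tool; the attribute numbers come from RFC 2865 and Cisco's enterprise number 9, while the function names and the max_lvl cap are hypothetical.

```python
import struct

# Constants from RFC 2865 and the IANA enterprise-number registry.
SERVICE_TYPE, VENDOR_SPECIFIC = 6, 26   # IETF attribute types
NAS_PROMPT = 7                          # Service-Type value "NAS-Prompt"
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1    # Cisco enterprise number, AV-pair sub-type
PREFIX = "shell:priv-lvl="

def encode_attrs(priv_lvl):
    """Constructed sample: the two attributes the post tells ACS to send."""
    avpair = f"{PREFIX}{priv_lvl}".encode("ascii")
    svc = struct.pack("!BBI", SERVICE_TYPE, 6, NAS_PROMPT)
    vsa = struct.pack("!BBIBB", VENDOR_SPECIFIC, 8 + len(avpair),
                      CISCO_VENDOR_ID, CISCO_AVPAIR, 2 + len(avpair))
    return svc + vsa + avpair

def parse_attrs(data):
    """Walk the type/length/value attributes; return (service_type, priv_lvl)."""
    service_type = priv_lvl = None
    i = 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError(f"malformed attribute at offset {i}")
        atype, value = data[i], data[i + 2:i + data[i + 1]]
        if atype == SERVICE_TYPE and len(value) == 4:
            service_type = struct.unpack("!I", value)[0]
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            text = value[6:4 + vlen].decode("ascii", "replace")
            if (vendor, vtype) == (CISCO_VENDOR_ID, CISCO_AVPAIR) and text.startswith(PREFIX):
                priv_lvl = int(text[len(PREFIX):])
        i += data[i + 1]
    return service_type, priv_lvl

def audit(data, max_lvl=7):
    """Findings for one reply; max_lvl is a hypothetical per-device policy cap."""
    service_type, priv_lvl = parse_attrs(data)
    findings = []
    if service_type != NAS_PROMPT:
        findings.append("Service-Type is not NAS-Prompt")
    if priv_lvl is None:
        findings.append("no shell:priv-lvl AV-pair")
    elif priv_lvl > max_lvl:
        findings.append(f"priv-lvl {priv_lvl} exceeds cap {max_lvl}")
    return findings

if __name__ == "__main__":
    for lvl in (7, 15):
        print(lvl, audit(encode_attrs(lvl)))
```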
