Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Please be advise on aaa authentication login AAA group radius local none

I try to implement this command on the router:

!

Sun3(config)# radius-server host 10.1.1.1

Sun3(config)# radius-server key abc

Sun3(config)# aaa new-model

Sun3(config)#aaa authentication login AAA group radius local none

What is the none mean :

It means :

1) user can log in if the radius server fail

2) user can NOT log in if the radius server fail

3) the radius server need authentication with the router.

Thanks

2 REPLIES
Hall of Fame Super Silver

Re: Please be advise on aaa authentication login AAA group radiu

Henry

In the way that you have configured it the router will first attempt to authenticate to the radius server. If there is an error in authenticating with the radius server (an error response not a negative response) then it will attempt to authenticate with a locally configured userID and password. If there is an error in this attempt (an error not a negative response) then the none comes into effect and the user will be authenticated.

HTH

Rick

Re: Please be advise on aaa authentication login AAA group radiu

Henry,

As Rick stated the order of authentication is Radius -> then local login (username/password) configured in the router --> then none. Hence, the answer to your question is #1, "user can log in if the radius server fail".

Important thing to remember here is authentication error (server unavailable) is different from authentication failure (incorrect login credentials). Since the question states the radius server fails the answer is #1.

HTH

Sundar

163
Views
10
Helpful
2
Replies