Please be advise on aaa authentication login AAA group radius local none

crscrsone · ‎11-06-2006

I try to implement this command on the router:

!

Sun3(config)# radius-server host 10.1.1.1

Sun3(config)# radius-server key abc

Sun3(config)# aaa new-model

Sun3(config)#aaa authentication login AAA group radius local none

What is the none mean :

It means :

1) user can log in if the radius server fail

2) user can NOT log in if the radius server fail

3) the radius server need authentication with the router.

Thanks

Richard Burts · ‎11-06-2006

Henry

In the way that you have configured it the router will first attempt to authenticate to the radius server. If there is an error in authenticating with the radius server (an error response not a negative response) then it will attempt to authenticate with a locally configured userID and password. If there is an error in this attempt (an error not a negative response) then the none comes into effect and the user will be authenticated.

HTH

Rick

HTH

Rick

sundar.palaniappan · ‎11-06-2006

Henry,

As Rick stated the order of authentication is Radius -> then local login (username/password) configured in the router --> then none. Hence, the answer to your question is #1, "user can log in if the radius server fail".

Important thing to remember here is authentication error (server unavailable) is different from authentication failure (incorrect login credentials). Since the question states the radius server fails the answer is #1.

HTH

Sundar