Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Radius authentication for privileged access

Hello,

          I have configured Cisco 6513 for radius authentication with following commands.

aaa new-model
aaa authentication login authradius group radius line
aaa accounting exec acctradius start-stop group radius
radius-server host <radius-ip> auth-port 1812 acct-port 1646 key 6912911

line vty 0 4

accounting exec acctradius
login authentication authradius

     This is working pretty fine. I want to configure radius authentication for priviledged access / for enable access.

     I am using TeKRadius as Radius server.

     Please help.

Thanks and Regards,

Pratik

Everyone's tags (3)
4 REPLIES
Bronze

Re: Radius authentication for privileged access

Hi Pratik,

Try adding:

aaa authentication enable default group radius enable

Nick

New Member

Re: Radius authentication for privileged access

Hi Nick,

          I tried that but its not working....

         

          It asks username password during login and then when I enter enable it asks for simply password, and any of the password will not work, not even the enable password or the radius password. Then i have to shutdown the radius server service to get the privileged access of the switch.

Regards,

Pratik

Bronze

Re: Radius authentication for privileged access

Hi Pratik

Sorry I mostly use only TACACS+ for AAA as it provides better granularity of access controls.

You'll need to make some specific changes to your RADIUS config so that nominated users ( the ones you want to be able to go to enable mode ) get put straight into enable mode upon login.

There's a guide here http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/ which details the steps if you're using the Microsoft IAS radius server - you should be able to figure out that changes you need to make to your own server from there.

Nick

Message was edited by: NickNac79 - Spelt the OP's name wrong, sorry.

New Member

Please see http://forums

1052
Views
0
Helpful
4
Replies