Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Fallback: Bypass Radius Server

Hi guys,

Currently checking zeroshell for radius to centralize my logins. My question is, if the radius server fails, is there a fallback username/password that i can configure just in case?

Thanks.

3 REPLIES
Blue

Re: Fallback: Bypass Radius Server

You can configure IOS to try multiple RADIUS/AAA servers. It's always a good idea to have more than one.

aaa group server radius authentication-group

server 209.165.200.225 key radkey1

server 209.165.200.226 key radkey2

aaa group server radius accounting-group

server 209.165.200.225 key radkey1

server 209.165.200.226 key radkey2

server 209.165.201.1 key radkey3

Or, if you meant configuring a local user/password on the router, check out

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ft_md5.html

username name secret {[0] password | 5 encrypted-secret}

New Member

Re: Fallback: Bypass Radius Server

Hi,

Let say my routers are configured to authenticate tru the radius server. What if that radius server goes down, how can i telnet/ssh into my router then? Thats why im finding a way wherein login should first be authenticated tru the radius server and if no radius server found (radius is down) a backdoor username/password can be used.

Thanks.

Hall of Fame Super Silver

Re: Fallback: Bypass Radius Server

Jefferson

It is a very common requirement to have some backup method of authentication such as local authentication in case the configured server (or multiple servers) is not available. Assuming that you have the radius server configured you would want something like this in your config:

user password

aaa authentication login default group radius local

This will attempt to authenticate with radius and if there is an error in that authentication attempt then it will authenticate with the configured local user ID and password.

HTH

Rick

1430
Views
5
Helpful
3
Replies
CreatePlease login to create content