Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3154
Views
10
Helpful
3
Replies

Fallback: Bypass Radius Server

jeffersoncbriones
Level 1
Level 1

‎08-06-2008 11:57 PM

Hi guys,

Currently checking zeroshell for radius to centralize my logins. My question is, if the radius server fails, is there a fallback username/password that i can configure just in case?

Thanks.

Labels:
0 Helpful
3 Replies 3

yjdabear
VIP Alumni
VIP Alumni

‎08-07-2008 06:20 AM

You can configure IOS to try multiple RADIUS/AAA servers. It's always a good idea to have more than one.

aaa group server radius authentication-group

server 209.165.200.225 key radkey1

server 209.165.200.226 key radkey2

aaa group server radius accounting-group

server 209.165.200.225 key radkey1

server 209.165.200.226 key radkey2

server 209.165.201.1 key radkey3

Or, if you meant configuring a local user/password on the router, check out

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ft_md5.html

username name secret {[0] password | 5 encrypted-secret}

0 Helpful

jeffersoncbriones
Level 1
Level 1
In response to yjdabear

‎08-07-2008 05:38 PM

Hi,

Let say my routers are configured to authenticate tru the radius server. What if that radius server goes down, how can i telnet/ssh into my router then? Thats why im finding a way wherein login should first be authenticated tru the radius server and if no radius server found (radius is down) a backdoor username/password can be used.

Thanks.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to jeffersoncbriones

‎08-08-2008 12:40 PM

Jefferson

It is a very common requirement to have some backup method of authentication such as local authentication in case the configured server (or multiple servers) is not available. Assuming that you have the radius server configured you would want something like this in your config:

user password

aaa authentication login default group radius local

This will attempt to authenticate with radius and if there is an error in that authentication attempt then it will authenticate with the configured local user ID and password.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents