Need basic RADIUS and aaa command line for 2511 access router. Using sample configure for basic radius and aaa. Using MS IAS. For some reason it will no authentication between router and radius server.
I was talking to somebody in the CISCO booth today about digital signature authentication in a RADIUS environment and they suggested that a good forum for the question would be here ... as to whether anybody at Cisco would be interested in deploying such an enhanced RADIUS product
Every since having done some electronic commerce work in the early '90s, I've been looking at making it more secure; basically pushing strong authentication further and further into the business processes.
One of the things that I started to notice was that Certificates tended to replicate a small subset of information that was maintain in real time in business account records. Besides certificates being stale information they might unnecessarily divulge information that wasn't required in the business context (i.e. name and address in identity certificates when name and address was not necessary).
As part of that effort, it became very apparent that many business contexts would be better served with public keys registered in account records.
Work has been done on a passed financial standards that provides digital signature authentication (w/o requiring certificates) for all account-based retail payments)
we've looked at applying a similar paradigm to internet authentication; specifically looking at adding public key registration to RADIUS capability and RADIUS performing digital signature authentication using public key in the RADIUS database (in lieu of a certificate).
Furthermore, web server client authentication could similarly be done with a web servers supporting RADIUS and RADIUS digital signature authentication (not just for modem pool concentrator session connection). The benefit to some large ISP/webhoster is that they could have a single common administrative interface for managing all authentication information and allowing on a client and/or account basis an expanded choice of authentication paradigms integrated into a single common (existing) infrastructure.
In general this digital signature model is discussed in various forms at:
U first need to understand how AAA works. AAA process (triple A) consists of Authentication, Authorisation & Accounting. First u need to know at which of the above point your connection is dropped. To do this enable following debugging on your NAS (Access Server) : debug AAA authentication , debug AAA authorisation , debug AAA acounting, debug radius, debug PPP negotiation. Then telnet to the NAS & enable the telnet session to capture the NAS log to a file. Then dial into the NAS (make sure u setup NAS as well as the radius server to use PAP authentication.)Then examine the log generated & trace down where exactly the connection is dropped.Locate the error mesasage & search the cisco site for an explaination of the error. Also examine the Access-accept or Access-reject responses from the Radius server ie the attributes in the response messages. Best of luck
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...