
Radius Configuration

moiseshp
Level 1

How can I configure Cisco Secure or the AS5300 so that there is no double authentication?

4 Replies

tepatel
Cisco Employee

Please explain in detail what exactly you want to do. Thanks. Tejal

I have a Cisco Secure Server on Unix, Version 2.3 (5), and I have several AS5300 devices. When a user connects by dialup to an AS5300, he has to be validated by Cisco Secure.

The configuration of Cisco Secure is:

*RADIUS CISO

Reply Attributes------ User-Service-Type(Framed User)

------ Frame Protocol (PPP)

Check Items -------User-Service-Type(Framed User)

-------Frame Protocol (PPP)

The User (CHAP)

I need to know how to ensure that, once the user is connected, he cannot connect a second time with the same username and password.

The configuration of AS5300 is:

Ver. 12.1(1a)T1

aaa authentication login no_radius enable
aaa authentication login no_consola enable
aaa authentication login line line
aaa authentication ppp default group radius
aaa accounting update newinfo

interface Group-Async1
 ip unnumbered Loopback0
 encapsulation ppp
 async default routing
 async mode interactive
 no snmp trap link-status
 peer default ip address pool default
 ppp authentication chap
 group-range 1 120

ip radius source-interface Loopback0
radius-server host 172.16.10.12 auth-port 1645 acct-port 1646 key 7 internet
radius-server retransmit 3
radius-server timeout 30
radius-server key 7 internet

line 1 120
 autoselect ppp
 modem InOut
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin udptn v120 lapb-ta

Thanks.

Moses

Here is a link that has a sample config and discusses that in detail, along with the RADIUS config too.

http://www.cisco.com/warp/public/793/access_dial/basicradius.shtml

Now, if you don't want the user to connect with the same username and password again when they dial in, you need to use OTP (one-time password), where the password is different for each login. Here is the place that discusses that.

For the double authentication design guide:

http://www.cisco.com/warp/public/129/26.html

For one-time passwords:

http://www.cisco.com/warp/public/129/24.html

Tejal

yusuff
Cisco Employee

If I understand you correctly, you do not want the user to get in again if they have already logged in before, i.e. max-session control.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/cs_unx/acsu235/mss.htm#xtocid99051

HTH

R/Yusuf
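
The max-session idea from the last reply, as an added sketch that is not part of the thread and not Cisco Secure's own code: a server can refuse a second login only if it tracks which sessions are still open, assumed here to come from RADIUS accounting Start/Stop records sent by the NAS. The class and function names, the limit of 1, and the sample records are constructed for illustration.

```python
from collections import defaultdict

class SessionTracker:
    """Tracks open sessions per user from RADIUS accounting records."""
    def __init__(self, max_sessions=1):  # limit of 1 is an assumption
        self.max_sessions = max_sessions
        self.active = defaultdict(set)  # user -> {(nas_ip, session_id)}

    def on_accounting(self, rec):
        status, nas = rec["Acct-Status-Type"], rec["NAS-IP-Address"]
        if status in ("Accounting-On", "Accounting-Off"):
            # NAS restarted: its Stop records never arrive, so drop its sessions.
            for sessions in self.active.values():
                sessions.difference_update({s for s in sessions if s[0] == nas})
            return
        key = (nas, rec["Acct-Session-Id"])
        if status == "Start":
            self.active[rec["User-Name"]].add(key)
        elif status == "Stop":
            self.active[rec["User-Name"]].discard(key)

    def authorize(self, user, password_ok):
        # Decision for an Access-Request after the credential check.
        if not password_ok:
            return "Access-Reject"
        if len(self.active[user]) >= self.max_sessions:
            return "Access-Reject"  # right password, but already connected
        return "Access-Accept"

def rec(status, user=None, sid=None, nas="192.0.2.1"):
    # Build one constructed accounting record (documentation address).
    return {"Acct-Status-Type": status, "User-Name": user,
            "Acct-Session-Id": sid, "NAS-IP-Address": nas}

def replay(events):
    """Run constructed events in order; return the auth decisions."""
    tracker, decisions = SessionTracker(), []
    for event in events:
        if isinstance(event, str):  # a user name means a login attempt
            decisions.append(tracker.authorize(event, True))
        else:
            tracker.on_accounting(event)
    return decisions

SAMPLE = [  # constructed sequence, not real logs
    "dialuser", rec("Start", "dialuser", "0001"),
    "dialuser",  # second dial-in while the first session is open
    rec("Stop", "dialuser", "0001"), "dialuser",
    rec("Start", "dialuser", "0002"), rec("Accounting-On"), "dialuser",
]
```

The second attempt is rejected even though the password is correct, which is the behaviour a one-time password alone does not give; the Accounting-On branch covers the case where a NAS reload would otherwise leave the user locked out.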