Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using RAdius for Remote authentication but local for Telnet

I have a 3640 used for RAS. The remote users need a post dial terminal window for a form of token Authentication. This is specified with the LOGIN command. When I try and telnet in I am promted for username/password which passess but the telnet fails. The RADIUS server being used does not specify a telnet parameter, so tries to use PPP for telnet. If I remove Login RADIUS then the remote users get no output from thier post dial window. Can I specify that telnet is only locally authenticated, and therefore not effect any remote users needing to use login?

Any help would be greatly appreciated.

I have attached current config.

service password-encryption

service udp-small-servers

service tcp-small-servers

!

!

aaa new-model

aaa authentication login default group radius

aaa authentication ppp default if-needed group radius

aaa authorization exec default group radius

aaa authorization network default group radius

aaa accounting exec default start-stop group radius

aaa accounting network default start-stop group radius

enable secret 5 $1$CMCO$IMo3eQ0NJO/l/yNfwdfOT0

!

ip subnet-zero

!

!

!

interface Ethernet0/1

ip address

no ip proxy-arp

full-duplex

!

interface Ethernet0/2

ip address

no ip proxy-arp

full-duplex

!

interface Ethernet0/3

ip address

ip address

ip helper-address

load-interval 30

full-duplex

!

interface Serial1/0

description 'Link to Warricker Centre'

ip address

priority-group 1

serial restart-delay 0

!

interface Serial1/1

description Link to Basement Upney Lane

ip address

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface Group-Async1

ip unnumbered Ethernet0/3

encapsulation ppp

no ip mroute-cache

dialer in-band

dialer idle-timeout 600

dialer-group 1

async mode interactive

peer default ip address dhcp

no fair-queue

ppp authentication chap

group-range 65 72

!

ip classless

ip http server

ip pim bidir-enable

!

priority-list 1 protocol ip high tcp telnet

dialer-list 1 protocol ip permit

!

radius-server host 15.10.30.4 auth-port 1645 acct-port 1646

radius-server retransmit 3

radius-server key 7 0807697C3B38373E

!

line con 0

line 65 72

exec-timeout 0 0

modem InOut

transport preferred none

transport input all

transport output none

autoselect during-login

autoselect ppp

line aux 0

line vty 0 4

password 7 09435C081702124359

!

end

1 REPLY
New Member

Re: Using RAdius for Remote authentication but local for Telnet

Hi :)

You'll need to create a different method list for AAA that you can apply to your vty line. The term local means using a username/password that resides on your router. However looking at you configuration, you have no username/passwords configured so I assume that you want to simply get a password prompt when you telnet to the router. If I have understood you correctly then configure the following. As you haven't provided a show version I'm assuming that you're running the latest code:

aaa authentication login vtylines line none

aaa authorization exec vtylines none

line vty 0 4

login authentication vtylines

authorization exec vtylines

98
Views
0
Helpful
1
Replies
CreatePlease login to create content