Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > RADIUS authentication

Reply
Thread Tools

RADIUS authentication

 
 
Fatman Superstar
Guest
Posts: n/a
 
      01-08-2004
Hello All,

We have a variety of Cisco kit in our lab which also hosts a Win2000 AD
domain.

Rather than using local enable passwords for the devices which we give out
to certain people, I would like to be able to tie in AD permissions to cisco
boxes using RADIUS.

We have an IAS server which support RADIUS. However I have come accross the
usual problems, is there any examples I can experiment with or documentation
on this. The majority of items I find relate to MAC or VPN. Can what I am
attempting be acheived?

Many Thanks

Fat


 
Reply With Quote
 
 
 
 
Scooby
Guest
Posts: n/a
 
      01-09-2004
"Fatman Superstar" <(E-Mail Removed)> wrote in message
news:zEeLb.9842$(E-Mail Removed)...
> Hello All,
>
> We have a variety of Cisco kit in our lab which also hosts a Win2000 AD
> domain.
>
> Rather than using local enable passwords for the devices which we give out
> to certain people, I would like to be able to tie in AD permissions to

cisco
> boxes using RADIUS.
>
> We have an IAS server which support RADIUS. However I have come accross

the
> usual problems, is there any examples I can experiment with or

documentation
> on this. The majority of items I find relate to MAC or VPN. Can what I

am
> attempting be acheived?
>
> Many Thanks
>
> Fat
>
>


Yes, in deed. This is doable and works well. Here is a good doc to get you
started. Let me know if you run in to any problems with it.

http://www.giac.org/practical/GCWN/Damon_Martin.pdf

Just an extra hint... They list the local login second and only if the
radius is not available. That has its benefits, but I prefer the local
login not to have to wait on the timeout from radius. So, my aaa line looks
like this:

aaa authentication login default local group radius
aaa authorization exec default local group radius if-authenticated

Hope that helps,

Jim



 
Reply With Quote
 
 
 
 
Fatman Superstar
Guest
Posts: n/a
 
      01-09-2004
Great stuff!!! Cheers


"Scooby" <(E-Mail Removed)> wrote in message
news:qznLb.82$(E-Mail Removed)...
> "Fatman Superstar" <(E-Mail Removed)> wrote in message
> news:zEeLb.9842$(E-Mail Removed)...
> > Hello All,
> >
> > We have a variety of Cisco kit in our lab which also hosts a Win2000 AD
> > domain.
> >
> > Rather than using local enable passwords for the devices which we give

out
> > to certain people, I would like to be able to tie in AD permissions to

> cisco
> > boxes using RADIUS.
> >
> > We have an IAS server which support RADIUS. However I have come accross

> the
> > usual problems, is there any examples I can experiment with or

> documentation
> > on this. The majority of items I find relate to MAC or VPN. Can what I

> am
> > attempting be acheived?
> >
> > Many Thanks
> >
> > Fat
> >
> >

>
> Yes, in deed. This is doable and works well. Here is a good doc to get

you
> started. Let me know if you run in to any problems with it.
>
> http://www.giac.org/practical/GCWN/Damon_Martin.pdf
>
> Just an extra hint... They list the local login second and only if the
> radius is not available. That has its benefits, but I prefer the local
> login not to have to wait on the timeout from radius. So, my aaa line

looks
> like this:
>
> aaa authentication login default local group radius
> aaa authorization exec default local group radius if-authenticated
>
> Hope that helps,
>
> Jim
>
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft IAS Patch to Correct Very Slow RADIUS/802.1X Authentication? Jeff Wireless Networking 2 01-05-2005 07:32 PM
RADIUS Server that Forces User *and* Computer Authentication? Jeff Wireless Networking 4 01-05-2005 07:30 PM
Wireless Access Point with Radius Server > authentication? =?Utf-8?B?QXJqZW4gQm9z?= Wireless Networking 0 12-23-2004 03:03 PM
Cisco radius attributes with Funk Steel-Belted Radius Server David Cisco 0 11-06-2003 09:54 PM
HTTPS RADIUS Authentication with PIX requires CA? Trying to avoid Certificate warnings Shawn Westerhoff Cisco 6 10-29-2003 04:49 AM



Advertisments