|
|
|
|
09-29-2006, 06:53 PM
|
#1 |
AAA RADIUS question
We are using RADIUS under AIX to authenticate traffic through a Cisco
box into a VLAN. Can the RADIUS server be configured to not authenticate specific IP addresses? In the RADIUS log I see that it is getting the source IP address like this: Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx" Can the RADIUS server be configured to not authenticate from that specific IP address/subnet? gmosley |
|
|
|
09-29-2006, 07:07 PM
|
#2 |
|
Posts: n/a
|
Re: AAA RADIUS question
gmosley wrote:
> We are using RADIUS under AIX to authenticate traffic through a Cisco > box into a VLAN. > > Can the RADIUS server be configured to not authenticate specific IP > addresses? > > In the RADIUS log I see that it is getting the source IP address like > this: > > Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx" > > Can the RADIUS server be configured to not authenticate from that > specific IP address/subnet? Can you not specify on the RADIUS server itself what subnets/ips to allow? My RADIUS server only accepts connetions from two IP addresses? Or am I misunderstanding what you're asking  Fook |
|
|
|
09-29-2006, 07:17 PM
|
#3 |
|
Posts: n/a
|
Re: AAA RADIUS question
Fook,
Part of the problem is that I cannot access the server itself - but if I can help them find a solution to implement it will solve my problem. Are you talking about limiting it to which NAS devices (firewalls, etc) can authenticate? That is being done. The problem is that the NAS passes along the source IP of the user, and there are some systems we would prefer not be allowed to authenticate. Unfortunately the systems we don't want to authenticate are the exceptions, not the rule. Can you allow authentication from ALL servers except a few? Fook wrote: > gmosley wrote: > > > We are using RADIUS under AIX to authenticate traffic through a Cisco > > box into a VLAN. > > > > Can the RADIUS server be configured to not authenticate specific IP > > addresses? > > > > In the RADIUS log I see that it is getting the source IP address like > > this: > > > > Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx" > > > > Can the RADIUS server be configured to not authenticate from that > > specific IP address/subnet? > > Can you not specify on the RADIUS server itself what subnets/ips to allow? > > My RADIUS server only accepts connetions from two IP addresses? > > Or am I misunderstanding what you're asking gmosley |
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Re: Dial-up Modem Question | w_tom | A+ Certification | 0 | 09-18-2005 09:12 PM |
| "Installing two drives" question - what next? | Jim | A+ Certification | 12 | 08-07-2005 01:19 PM |
| Re: Good morning or good evening depending upon your location. I want to ask you the most important question of your life. Your joy or sorrow for all eternity depends upon your answer. The question is: Are you saved? It is not a question of how good | God | DVD Video | 3 | 04-25-2005 04:19 PM |
| Re: Good morning or good evening depending upon your location. I want to ask you the most important question of your life. Your joy or sorrow for all eternity depends upon your answer. The question is: Are you saved? It is not a question of how good | Filthy Mcnasty | DVD Video | 0 | 04-25-2005 04:29 AM |
| Re: Safe Mode Question (A+ question) | Gordon Findlay | A+ Certification | 0 | 06-16-2004 10:48 AM |
