AAA RADIUS question

Discussion in 'Cisco' started by gmosley, Sep 29, 2006.

  1. gmosley

    gmosley Guest

    We are using RADIUS under AIX to authenticate traffic through a Cisco
    box into a VLAN.

    Can the RADIUS server be configured to not authenticate specific IP
    addresses?

    In the RADIUS log I see that it is getting the source IP address like
    this:

    Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx"

    Can the RADIUS server be configured to not authenticate from that
    specific IP address/subnet?
     
    gmosley, Sep 29, 2006
    #1

  2. gmosley

    Fook Guest

    gmosley wrote:

    > We are using RADIUS under AIX to authenticate traffic through a Cisco
    > box into a VLAN.
    >
    > Can the RADIUS server be configured to not authenticate specific IP
    > addresses?
    >
    > In the RADIUS log I see that it is getting the source IP address like
    > this:
    >
    > Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx"
    >
    > Can the RADIUS server be configured to not authenticate from that
    > specific IP address/subnet?


    Can you not specify on the RADIUS server itself what subnets/ips to allow?

    My RADIUS server only accepts connections from two IP addresses?

    Or am I misunderstanding what you're asking :)
     
    Fook, Sep 29, 2006
    #2

  3. gmosley

    gmosley Guest

    Fook,
    Part of the problem is that I cannot access the server itself - but if
    I can help them find a solution to implement it will solve my problem.

    Are you talking about limiting it to which NAS devices (firewalls, etc)
    can authenticate? That is being done.

    The problem is that the NAS passes along the source IP of the user, and
    there are some systems we would prefer not be allowed to authenticate.

    Unfortunately the systems we don't want to authenticate are the
    exceptions, not the rule.

    Can you allow authentication from ALL servers except a few?



    Fook wrote:
    > gmosley wrote:
    >
    > > We are using RADIUS under AIX to authenticate traffic through a Cisco
    > > box into a VLAN.
    > >
    > > Can the RADIUS server be configured to not authenticate specific IP
    > > addresses?
    > >
    > > In the RADIUS log I see that it is getting the source IP address like
    > > this:
    > >
    > > Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx"
    > >
    > > Can the RADIUS server be configured to not authenticate from that
    > > specific IP address/subnet?

    >
    > Can you not specify on the RADIUS server itself what subnets/ips to allow?
    >
    > My RADIUS server only accepts connections from two IP addresses?
    >
    > Or am I misunderstanding what you're asking :)
     
    gmosley, Sep 29, 2006
    #3
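
The thread asks for "allow all, except a few" based on the user address carried in Cisco-AVPair = "ip:source-ip=...". The following is an added example, not from any poster and not the configuration of any particular RADIUS product: a pre-authentication check that rejects a request when that address falls in a deny list and otherwise lets credential checking continue. The function names, the deny-list entries (documentation ranges) and the choice to reject when the attribute is missing or malformed are assumptions.

```python
import ipaddress

# Constructed deny list using documentation ranges; the real exceptions are site-specific.
DENIED_SOURCES = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.7/32")]

PREFIX = "ip:source-ip="  # AV-pair form shown in the RADIUS log in the thread


def extract_source_ip(avpairs):
    """Return the user's source IP from a list of Cisco-AVPair values, or None."""
    for value in avpairs:
        value = value.strip().strip('"')
        if value.lower().startswith(PREFIX):
            try:
                return ipaddress.ip_address(value[len(PREFIX):].strip())
            except ValueError:
                return None  # attribute present but not a valid address
    return None  # no source-ip AV-pair in the request


def source_ip_policy(avpairs, denied=DENIED_SOURCES, reject_if_missing=True):
    """Return 'reject' or 'continue' (continue = go on to verify credentials).

    Default-allow: every source passes unless it matches a denied network.
    A missing or malformed source-ip is rejected by default (assumption), so
    a request cannot skip the deny list by omitting the attribute.
    """
    ip = extract_source_ip(avpairs)
    if ip is None:
        return "reject" if reject_if_missing else "continue"
    if any(ip.version == net.version and ip in net for net in denied):
        return "reject"
    return "continue"


if __name__ == "__main__":
    # Constructed sample requests: only the Cisco-AVPair values are shown.
    samples = [
        ["shell:priv-lvl=1", "ip:source-ip=192.0.2.5"],   # inside denied /28
        ["ip:source-ip=203.0.113.10"],                    # not listed
        ["ip:source-ip=not-an-ip"],                       # malformed
        [],                                               # attribute absent
    ]
    for avpairs in samples:
        print(avpairs, "->", source_ip_policy(avpairs))
```

The address is whatever the NAS reports, so this check is only as trustworthy as the NAS entries the server already restricts by client IP and shared secret.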