Network authentication.

Discussion in 'Cisco' started by AM, Jul 29, 2005.

  1. AM

    AM Guest

    Just one question to better understand what I'm going to do.

    Among the several commands to give the router to permit a VPNClient to authenticate itself, I must give the following statements:

    aaa authentication login userauthen local
    aaa authorization network groupauthor local

    The first one means that for the list userauthen the router must look inside the local database. If the last option were
    "group", I could specify a RADIUS server. Given what the router must authorize (isakmp parameters), I would like to ask whether I
    can store isakmp parameters on a RADIUS server.

    Thanks, Alex.
     
    AM, Jul 29, 2005
    #1

  2. AM

    rave Guest

    I don't think you are aware of authentication and
    authorization. Authorization is for network authorization, i.e. what
    commands he can issue after he authenticates successfully.

    There is no such thing as isakmp authorization.
    isakmp and ipsec policies will always be configured on the router.

    After successfully authenticating the user via radius you can also
    specify authorization parameters on the radius server as to what the
    user is capable of doing.
     
    rave, Aug 1, 2005
    #2

  3. AM

    AM Guest

    rave wrote:

    > I don't think you are aware of authentication and
    > authorization. Authorization is for network authorization, i.e. what
    > commands he can issue after he authenticates successfully.
    >
    > There is no such thing as isakmp authorization.
    > isakmp and ipsec policies will always be configured on the router.
    >
    > After successfully authenticating the user via radius you can also
    > specify authorization parameters on the radius server as to what the
    > user is capable of doing.
    >


    So, does "aaa authorization network groupauthor group radius" have no meaning even if accepted by the router? Does
    "aaa authorization network groupauthor group radius none" perhaps mean that no network authorization is required?

    Alex.
     
    AM, Aug 2, 2005
    #3
