RADIUS authentication

Discussion in 'Cisco' started by Fatman Superstar, Jan 8, 2004.

  1. Hello All,

    We have a variety of Cisco kit in our lab which also hosts a Win2000 AD
    domain.

    Rather than using local enable passwords for the devices which we give out
    to certain people, I would like to be able to tie in AD permissions to Cisco
    boxes using RADIUS.

    We have an IAS server which supports RADIUS. However I have come across the
    usual problems, are there any examples I can experiment with or documentation
    on this. The majority of items I find relate to MAC or VPN. Can what I am
    attempting be achieved?

    Many Thanks

    Fat
     
    Fatman Superstar, Jan 8, 2004
    #1

  2. Fatman Superstar

    Scooby Guest

    "Fatman Superstar" <> wrote in message
    news:zEeLb.9842$...
    > Hello All,
    >
    > We have a variety of Cisco kit in our lab which also hosts a Win2000 AD
    > domain.
    >
    > Rather than using local enable passwords for the devices which we give out
    > to certain people, I would like to be able to tie in AD permissions to
    > Cisco boxes using RADIUS.
    >
    > We have an IAS server which supports RADIUS. However I have come across
    > the usual problems, are there any examples I can experiment with or
    > documentation on this. The majority of items I find relate to MAC or VPN.
    > Can what I am attempting be achieved?
    >
    > Many Thanks
    >
    > Fat


    Yes, indeed. This is doable and works well. Here is a good doc to get you
    started. Let me know if you run into any problems with it.

    http://www.giac.org/practical/GCWN/Damon_Martin.pdf

    Just an extra hint... They list the local login second and only if the
    radius is not available. That has its benefits, but I prefer the local
    login not to have to wait on the timeout from radius. So, my aaa line looks
    like this:

    aaa authentication login default local group radius
    aaa authorization exec default local group radius if-authenticated

    Hope that helps,

    Jim
     
    Scooby, Jan 9, 2004
    #2
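
The two method-list orderings discussed in Scooby's reply, shown side by side as an added example that is not part of the thread or of the linked document. The server address 192.0.2.10, the account name `labadmin` and both secrets are placeholders, and the RADIUS-first lines are an assumed rendering of what the post says the document does.

```cisco
! Added example (constructed). Placeholders: 192.0.2.10, labadmin,
! <LOCAL-SECRET>, <SHARED-SECRET>.
aaa new-model
!
! Local account kept for when the RADIUS server cannot be reached.
username labadmin privilege 15 secret <LOCAL-SECRET>
!
! IOS sends to UDP 1645/1646 unless told otherwise; 1812/1813 are the
! RFC-assigned ports. The key must match the RADIUS client entry
! created for this device on the IAS server.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
radius-server timeout 3
radius-server retransmit 2
!
! Ordering A: RADIUS first, local second.
! The next method is consulted only when the previous one returns an
! error (for example the server times out), not when it rejects the
! credentials. Every login therefore depends on IAS while it is up,
! and local logins wait out timeout x retransmit when it is down.
aaa authentication login default group radius local
aaa authorization exec default group radius local
!
! Ordering B: local first, RADIUS second (the lines from Jim's post).
! Local accounts log in without waiting on RADIUS, but they are also
! decided on the device itself and never checked against AD, so keep
! the local user list short and audited.
! aaa authentication login default local group radius
! aaa authorization exec default local group radius if-authenticated
!
! To replace shared enable passwords, the IAS remote access policy for
! the relevant AD group can return the Cisco-AV-Pair attribute
!   shell:priv-lvl=15
! which exec authorization applies as the session privilege level.
```

Apply only one ordering at a time, and keep an existing console session open while changing method lists; `debug radius` and `debug aaa authentication` show which method answered each login.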

  3. Great stuff!!! Cheers


     
    Fatman Superstar, Jan 9, 2004
    #3
