AAA RADIUS question

Discussion in 'Cisco' started by gmosley, Sep 29, 2006.

  1. gmosley

    gmosley Guest

    We are using RADIUS under AIX to authenticate traffic through a Cisco
    box into a VLAN.

    Can the RADIUS server be configured to not authenticate specific IP
    addresses?

    In the RADIUS log I see that it is getting the source IP address like
    this:

    Cisco-AVPair = "ip:source-ip=xxx.xxx.xxx.xxx"

    Can the RADIUS server be configured to not authenticate from that
    specific IP address/subnet?
     
    gmosley, Sep 29, 2006
    #1
    1. Advertisements

  2. gmosley

    Fook Guest

    Can you not specify on the RADIUS server itself what subnets/ips to allow?

    My RADIUS server only accepts connetions from two IP addresses?

    Or am I misunderstanding what you're asking :)
     
    Fook, Sep 29, 2006
    #2
    1. Advertisements

  3. gmosley

    gmosley Guest

    Fook,
    Part of the problem is that I cannot access the server itself - but if
    I can help them find a solution to implement it will solve my problem.

    Are you talking about limiting it to which NAS devices (firewalls, etc)
    can authenticate? That is being done.

    The problem is that the NAS passes along the source IP of the user, and
    there are some systems we would prefer not be allowed to authenticate.

    Unfortunately the systems we don't want to authenticate are the
    exceptions, not the rule.

    Can you allow authentication from ALL servers except a few?
     
    gmosley, Sep 29, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.