Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Radius authentication

Status
Not open for further replies.
Michoud

Michoud

Technical User
Dec 27, 2005
33
US
I've been researching the differences between Radius and TACACS+ for user authentication/accounting on Cisco devices and I've come up with a few questions about Radius:

1) Can groups be used to define access levels?

2) What sort of access levels can be defined? Will I be restricted to allowing access to user EXEC and privileged EXEC only or can I define commands a specific user/group can use?

3) Anyone have any experience using Windows IAS service linked to Active Directory as an authentication system for Cisco devices? If so, please share your experience.


Thank you!
 
Sort by date Sort by votes
After reading that thread it may not be clear, here is a simple walkthrough that I did when I first setup RADIUS:

####################Configure Radius (have to have a encryption image loaded onto the switch to do so)
*Radius group is mods-radius (just to keep it the same across the board)
*Enter these commands below to setup the switch
*You also need to setup IAS on backup IAS

Step 1
config t

Step 2
radius-server host <radius server IP> key XXXXXXXX

Step 3
aaa new-model

Step 4
aaa group server radius mods-radius

Step 5
server <radius server IP>

step 6
aaa authentication login default local

Step 7
aaa authentiation login mods-radius group local

step 8
line vty 0 15

step 9
login authentication mods-radius
Copy run start

That will get Radius enabled on your switch. IAS is simple, create the client and add a policy allowing an AD group authentication. I didnt go as far as configuring enable passwords with raidus auth, I just used RADIUS to get into the switch and used the local enable password.

AS far as different levels of priviledges you can, just need to configure multiple access policies in IAS.
 
Upvote 0 Downvote
When you say configure multiple access policies in IAS.


Does this allow me to create different groups? One group with user exec access and another group with privilege exec acccess?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DigiByte34
  • Locked
  • Question
Need Help Cisco AAA to any RADIUS Software
Replies
9
Views
519
DigiByte34
DigiByte34
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
205
acabezas2014
acabezas2014
7740090
  • Locked
  • Question
radius server authentication
Replies
0
Views
92
7740090
7740090
Almin
  • Locked
  • Question
Cisco 881W User authentication via Radius
Replies
0
Views
71
Almin
Almin
joblack23
  • Locked
  • Question
cisco SG300 - Radius
Replies
1
Views
72
joblack23
joblack23

Part and Inventory Search

Sponsor

Back
Top