RADIUS question 1

penghon · Dec 25, 2004

The default/basic configuration of RADIUS/aaa auth goes something like this:

aaa authentication login default group radius local
aaa authentication login localauth local

What does the 2nd line do?

PouyaNasir · Dec 26, 2004

Defines a method of authentication against local user database and names it localauth.

penghon · Dec 26, 2004

i see...so this would mean that this line is redundant given that the first line stated that should the RADIUS server be uncontactable, the cisco device will authenticate user with the local database.

Am i correct?

PouyaNasir · Dec 27, 2004

No it is not redundant. This way you would have two methods of authentication with different names.

If you don't specify the name or use default when defining authentication for something like ppp or line vty or ... it will use the first line, uses the radius server to autheticate and if it failes uses the local database. On the other hand if you specify localauth as the name of authentication method somewhere, it will only use the local database.

penghon · Dec 27, 2004

oh i get it!
Man, thanks for the tip!

BuckWeet · Dec 27, 2004

easier terms would be the 'localauth' is your authentication profile, and you have to apply that profile to the *ty sessions, if you don't apply one, default is used..

BuckWeet

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

RADIUS question 1

penghon

MIS

PouyaNasir

Programmer

penghon

MIS

PouyaNasir

Programmer

penghon

MIS

BuckWeet

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor