JohnD Guest
|
Posted: Sat Jul 14, 2007 12:30 am Post subject: Can 2600 Router ver. 12.3 use Radius Server to Authenticate |
|
|
I have 500 routers. Right now we are using local accounts set up on each
router to let our admins log into the routers. Whenever an admin leaves, we
have to go around to 500 routers and delete that username and add the new
guy.
Is it possible to set up a router to use AAA authentication to a Radius
server to authenticate telnet access?
That way I just take the ex-employee out of the radius group and he no
longer can get into our routers.
If this is possible, would someone be so kind as to point me to a sample
config. I am having a hell of a time finding anything on cisco.com.
Thank you |
|
Doug McIntyre Guest
|
Posted: Sat Jul 14, 2007 12:46 am Post subject: Re: Can 2600 Router ver. 12.3 use Radius Server to Authentic |
|
|
"JohnD" <JohnD@JohnDdotNet.net> writes:
| Quote: | I have 500 routers. Right now we are using local accounts set up on each
router to let our admins log into the routers. Whenever an admin leaves, we
have to go around to 500 routers and delete that username and add the new
guy.
Is it possible to set up a router to use AAA authentication to a Radius
server to authenticate telnet access?
|
Sure. RADIUS or TACACS+..
| Quote: | That way I just take the ex-employee out of the radius group and he no
longer can get into our routers.
If this is possible, would someone be so kind as to point me to a sample
config. I am having a hell of a time finding anything on cisco.com.
|
Shouldn't be too hard to find, it's been part of IOS for quite some time.
Here's a link to the basics in 12.2 documentation.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm#wp1001032 |
|
Guest
|
Posted: Sat Jul 14, 2007 3:58 am Post subject: Re: Can 2600 Router ver. 12.3 use Radius Server to Authentic |
|
|
On Jul 13, 3:46 pm, Doug McIntyre <mer...@geeks.org> wrote:
| Quote: | "JohnD" <Jo...@JohnDdotNet.net> writes:
I have 500 routers. Right now we are using local accounts set up on each
router to let our admins log into the routers. Whenever an admin leaves, we
have to go around to 500 routers and delete that username and add the new
guy.
Is it possible to set up a router to use AAA authentication to a Radius
|
You could use Radius but I would use TACACS+. First RADIUS is clear
text so you could have someone actually get your password if they are
sniffing the datastream. I really do not like Cisco software, I
REALLY like Cisco ACS. You can also set it up to use your windows
domain to authenticate to. You can do SSOOO MUCH with Cisco ACS!
Here is a simple RADIUS config.
aaa new-model
!
aaa authentication login default group radius local
! Always config a fallback in case you can't get to the AAA server
radius-server host 172.22.53.201 auth-port 1645 acct-port 1646 key cisco
! Some IOSes want you to put the key on a separate line
This will just get you logged in; there are the two other A's
(authorization, and accounting) that you may also configure.
Greg
| Quote: | server to authenticate telnet access?
Sure. RADIUS or TACACS+..
That way I just take the ex-employee out of the radius group and he no
longer can get into our routers.
If this is possible, would someone be so kind as to point me to a sample
config. I am having a hell of a time finding anything on cisco.com.
Shouldn't be too hard to find, it's been part of IOS for quite some time.
Here's a link to the basics in 12.2 documentation.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cg... |
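
An added example, not code from any poster in this thread: with `aaa authentication login default group radius local`, the local user database is only consulted when the RADIUS server does not answer, so local accounts left on the routers after the migration still work during an outage. The script below audits saved running-config text from the fleet for that case and for routers that were never migrated. The `breakglass` account name, the hostnames and the sample configs are assumptions constructed for illustration.

```python
import re

ALLOWED_LOCAL = {"breakglass"}  # assumption: the single fallback account you keep

def audit(config, allowed_local=ALLOWED_LOCAL):
    """Return findings for one router's running-config text."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model missing")
    methods = None
    for l in lines:
        m = re.match(r"aaa authentication login default (.+)", l)
        if m:
            methods = m.group(1).split()
    if methods is None:
        findings.append("no default login method list")
    else:
        if methods[:2] not in (["group", "radius"], ["group", "tacacs+"]):
            findings.append("default login list does not try an AAA server first")
        if "local" not in methods:
            findings.append("no local fallback if the AAA server is unreachable")
        if methods[:2] == ["group", "radius"] and not any(
                l.startswith("radius-server host ") for l in lines):
            findings.append("group radius used but no radius-server host")
    for l in lines:
        m = re.match(r"username (\S+) ", l)
        if m and m.group(1) not in allowed_local:
            findings.append("leftover local account: " + m.group(1))
    return findings

def audit_fleet(configs):
    """Map hostname -> findings, listing only routers that need attention."""
    results = {name: audit(text) for name, text in configs.items()}
    return {name: f for name, f in results.items() if f}

# Constructed sample configs (hostnames, usernames and hashes are made up).
AAA = ("aaa new-model\n!\naaa authentication login default group radius local\n"
       "radius-server host 172.22.53.201 auth-port 1645 acct-port 1646 key cisco\n")
FLEET = {
    "rtr-001": AAA + "username breakglass secret 5 $1$constructed\n",
    "rtr-002": AAA + "username breakglass secret 5 $1$constructed\n"
                     "username jsmith password 7 constructed\n",
    "rtr-003": "username jsmith password 7 constructed\n",
}

if __name__ == "__main__":
    for host, found in audit_fleet(FLEET).items():
        print(host, found)
```

Feed it the text of each router's saved configuration keyed by hostname; routers with no findings are omitted from the result.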