Re: AAA authorization against another router

From: Cassidy D. Smith (csmith@xxxxxxxxxxxxxxxxxxxxx)
Date: Fri Jan 04 2002 - 01:36:35 GMT-3


   
There are Linux RPMs for both; I run them at home on a Red Hat 7.2 box.
Any old Intel, SPARC, or Alpha compatible box with a NIC will do. You
can download the Red Hat CD-ROM ISO images from Red Hat.

You can find your RPMs at http://rpmfind.net/linux/RPM/ (do a search
for "tacacs" or "radius").
Red Hat can be found at
ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/iso/i386 for "i386" Intel
compatibles. You only need the two image files (not the SRPMS). Most CD
burner software will work; you may need 800 minute CD-ROMs.

The real trick is setting up the configuration files...

Casey

P.S. Yes, I am a Linux fan. The other benefits are free protocol
analyzers (Ethereal), and GateD and Zebra if you need more BGP or OSPF
peers. Those doing the security cert may be interested in Snort and
Nessus, an excellent and free security scanner.

Banyong, Don wrote:

>To my knowledge, this is not possible. A Cisco router is not a RADIUS nor a
>TACACS server. Cisco sells a product that handles TACACS and RADIUS via NDS,
>NT SAM or any local database. This product is called Cisco Secure.
>
>A cheap and probably free solution is Windows 2000 Internet Authentication
>Service. It provides Radius aaa service but good luck trying to configure
>it. Are there any Linux freebies on TACACS?
>
>Thanks,
>Don
>
>-----Original Message-----
>From: Andy Pilcher [mailto:andypilcher2@earthlink.net]
>Sent: Thursday, January 03, 2002 9:20 PM
>To: ccielab@groupstudy.com
>Subject: AAA authorization against another router
>
>
>Folks,
>
>Is there a way to make aaa authorization on one Cisco router key off of
>another Cisco router's user database? I'm looking all over the Cisco
>documentation site for it, but the only aaa authorization methods I can
>find are the following:
>
>group radius
>group tacacs+
>group (radius/tacacs+ server subset)
>if-authenticated
>(none)
>local
>krb5-instance
>
>That's what's documented in the command reference for aaa
>authorization. But I don't believe any of these let you authorize
>against another Cisco router (the closest is "local"), unless there is
>some way of telling the other router to act as a radius or a tacacs+
>server. Is that possible?
>
>Thanx in advance.
>
>Andy Pilcher,
>CCIE Wannabe
