Re: RADIUS question

From: Nick Shah (nshah@xxxxxxxxxxxxxx)
Date: Tue Apr 30 2002 - 21:35:20 GMT-3

• Next message: Nick Shah: "Re: RADIUS question"
• Previous message: DAve Diaz: "O/T ccie 9240 thread"
• Maybe in reply to: Jason Sinclair: "RADIUS question"
• Next in thread: Nick Shah: "Re: RADIUS question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
yes, its possible (however its more flexible with tacacs+

This is how you would do it.. .

aaa new-model
aaa authentication login default radius local enable
aaa authentication login dial-access radius enable (define dial-access
group)
aaa authentication login vty-access radius local enable (for telnet access)
aaa authentication login console-access radius local enable
aaa authentication ppp default if-needed radius
aaa authorization exec default radius if-authenticated local
and other authorization as and how required...

aaa accounting network default wait-start radius
aaa accounting connection default wait-start radius
aaa accounting system default wait-start radius

hth
Nick
----- Original Message -----
From: "Jason Sinclair" <sinclairj@powertel.com.au>
To: <ccielab@groupstudy.com>
Sent: Wednesday, May 01, 2002 9:44 AM
Subject: RADIUS question

> All,
>
> Let's say that you have a RADIUS server that you want to authenticate
router
> logins on and also want to use this for RAS access. Can you configure
> certain user/pass pairs to only be allowed to access routers, and others
> only to dial in?
>
> Cheers,
>
> Jason Sinclair CCIE #9100
> Manager, Network Support Group
> POWERTEL
> Ground Level, 55 Clarence Street,
> SYDNEY NSW 2000
> AUSTRALIA
> office: + 61 2 8264 3820
> mobile: + 61 416 105 858
> * sinclairj@powertel.com.au
>
>
>
>
> **********************************************************************
> PowerTel Limited, winners of
> Broadband Wholesale Carrier of the year, CommsWorld Telecomms Awards 2001
> Best Emerging Telco, Australian Telecom Awards 2001
>
> **********************************************************************
> This email (including all attachments) is intended solely for the named
> addressee. It is confidential and may contain commercially sensitive
> information. If you receive it in error, please let us know by reply
email,
> delete it from your system and destroy any copies.
>
> This email is also subject to copyright. No part of it should be
reproduced,
> adapted or transmitted without the prior written consent of the copyright
owner.
>
> Emails may be interfered with, may contain computer viruses or other
defects
> and may not be successfully replicated on other systems. We give no
> warranties in relation to these matters. If you have any doubts about
> the authenticity of an email purportedly sent by us, please contact us
> immediately.
>
> **********************************************************************

• Next message: Nick Shah: "Re: RADIUS question"
• Previous message: DAve Diaz: "O/T ccie 9240 thread"
• Maybe in reply to: Jason Sinclair: "RADIUS question"
• Next in thread: Nick Shah: "Re: RADIUS question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:24 GMT-3