|
Networking HowTo's -
Cisco HowTo's
|
|
Written by Keith Short
|
|
Friday, 16 May 2008 17:38 |
|
The same issues are relevant here as in my CatOS Radius HowTo, so I repeat it here.
"Having to configure or change passwords on hundreds or thousand of routers can be a daunting and downright boring task. So I suggest
using Radius as a much more scalable solution. This gives you a central
location to manage users that are allowed to access your network gear.
There is also the added benefit of individual passwords for each
user, so you can always tell who did what and when. In a nutshell it
makes everyone think twice about changes as, they will be tracked back
to the implementor. That means less mistakes. Not that any of us make
mistakes. :)"
Below is a basic configuration with redundant Radius Servers defined. The items in red are specific to your environment.
aaa new-model
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization console
radius-server host 192.168.1.10
radius-server host 10.10.10.5
radius-server key password
|
|
Last Updated ( Friday, 16 May 2008 22:53 )
|