Cisco Radius Configuration Part 2

Follow me!

ScreenShots

Latest Posts

GFS hangs after fenc... (0)

by chriss745

Jul.01.10

Difference between R... (0)

by mainstreetexpress

Jun.15.10

Python, Suds, and th... (7)

by rasputnik

May.27.10

Comments or help for... (10)

by Stephan26

Mar.24.10

REPORTS (2)

by dynasty

Mar.21.10

Newest Downloads

Get 3par Disk IO Stats

Mar.29

snmp_branch.py

Mar.24

Zenoss Alerting Rule Manager

Mar.19

Zenoss_Template_Manager

Mar.18

[zenoss@zenoss2 ~]$ python Zenoss_Template_Manager.py -husage: Examples: python Zenoss_Templa...

Get Netscaler Stats

Feb.07

Cisco Radius Configuration Part 2 - IOS

Networking HowTo's - Cisco HowTo's

Written by Keith Short

Friday, 16 May 2008 17:38

Tags:

The same issues are relevant here as in my CatOS Radius HowTo, so I repeat it here.

"Having to configure or change passwords on hundreds or thousand of routers can be a daunting and downright boring task. So I suggest using Radius as a much more scalable solution. This gives you a central location to manage users that are allowed to access your network gear.

There is also the added benefit of individual passwords for each user, so you can always tell who did what and when. In a nutshell it makes everyone think twice about changes as, they will be tracked back to the implementor. That means less mistakes. Not that any of us make mistakes. :)"

Below is a basic configuration with redundant Radius Servers defined. The items in red are specific to your environment.

aaa new-model

aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization console

radius-server host 192.168.1.10
radius-server host 10.10.10.5
radius-server key password