churchlandsshs

Authenticate using AD credentials on Cisco switch

I have several Cisco 2950/2960 switches, and a Windows Server 2k3 Domain Controller running IAS. Could someone please give me a step by step procedure to implement Active Directory authentication on these switches?

It would be great if I could give one AD group Level 1 access and another group Level 15 access.

Thanks in advance!
Les Moore

Here's part of it. Set up IAS Server, and set up AAA on the switches. This is the easy part.
http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/

Privilege levels get a little more complicated. You have to define the commands that a lower-level access group can use, then assign a cisco-av-pair <level> in RADIUS to the users.
http://support.microsoft.com/kb/319824/?sd=RMVP&fr=1
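
A minimal switch-side configuration for the approach outlined in this answer, as an added example that is not part of the original post or the linked articles. The server address 192.0.2.10, the local account name, and the bracketed secrets and group names are placeholders, and exact syntax can vary by IOS release.

```cisco
! Added example; addresses, names and secrets are placeholders.
!
! Local fallback account, used only when the RADIUS server does not respond,
! so a dead IAS server does not lock everyone out of the switch.
username localadmin privilege 15 secret <LOCAL-FALLBACK-PASSWORD>
enable secret <ENABLE-SECRET>
!
aaa new-model
! Authenticate logins against RADIUS (IAS) first, then the local database.
aaa authentication login default group radius local
! Exec authorization is what makes the switch honour the privilege level
! returned by IAS; with authentication alone the attribute is not applied.
aaa authorization exec default group radius local
!
! IAS server. The key must match the shared secret configured for this
! switch's RADIUS client entry in IAS.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
line vty 0 15
 login authentication default
!
! IAS side, configured in the IAS console (shown here only as comments):
!   Remote access policy 1: Windows-Groups matches <LEVEL-15-AD-GROUP>
!     Vendor-specific attribute Cisco-AV-Pair = shell:priv-lvl=15
!   Remote access policy 2: Windows-Groups matches <LEVEL-1-AD-GROUP>
!     Vendor-specific attribute Cisco-AV-Pair = shell:priv-lvl=1
```

After logging in with an AD account, `show privilege` reports the level that was applied to the session.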
churchlandsshs (ASKER)

Hi lrmoore,
Thanks for your help. I've followed the instructions on blindhog.net, but I get access denied every time. Any ideas?

OK, figured it out. The user in Active Directory must have Remote Access Permission (Dial-in or VPN) in the Dial-In tab set to Allow access.

Now I've got to figure out the Level 15 vs Level 1 settings :-)

Good job!
Let us know how you get on with the command levels.

Please find the attached instructions about how to accomplish AAA IAS authentication on Cisco IOS devices.

ASKER CERTIFIED SOLUTION
churchlandsshs