Delszeki
asked on
2 RADIUS server and Local User failover help
Well. Here is what I have. Basically, trying to get it so that when users log in via SSH/HTTPS the user's authentication will first check primary, and then secondary RADIUS servers, and if no luck there, to use the local user database...
This is just my test router, but once I solidify the connections, I will be using it on the active network. Reason I'm timid. I typed in aaa new-model and it took the switch down that I was working on. So yea. Timid.... =[
Current configuration : 1092 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname test_rtr
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default group radius
aaa authorization exec default group radius
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
username shaun.local privilege 15 password 7 00150457566A3C472F
!
!
!
interface FastEthernet0/0
ip address 10.11.8.254 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 1.1.1.1 255.255.255.240
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
shutdown
!
interface BRI0/2/0
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.11.8.1
!
ip http server
ip http authentication aaa
!
radius-server host 10.11.8.252 auth-port 1812 acct-port 1813 key 7 0833434F0D11001616
!
control-plane
!
privilege exec level 7 clear line
privilege exec level 7 clear
!
line con 0
line aux 0
line vty 0 4
!
end
CREDS is just a word used to identify the aaa authen and author lines. You could have called it SSH and had another pair for HTTP.
The enable password isn't used and the secret password shouldn't be needed with priv 15.
What version of IOS on what device crashed when typing 'aaa new-model'?
I've updated multiple dozens of devices remotely to aaa and never had a problem such as you've mentioned.
ASKER
Was actually.... aaa authorization exec CREDS group radius local if-authenticated
But other than that, works like a champ! Thank you.
ASKER
If that one system is unstable, is there a safe way to check the system before?
As far as solution... CREDS means the enable password. I am just really wanting everything to be square before switching things. :-)
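
For reference, an added example (not taken from any post in this thread) of how the pieces discussed above fit together on IOS 12.4: two RADIUS servers tried in order, then the local user database, bound to the VTY lines and the HTTP server through the named list CREDS. The authorization line is the one the asker quotes; the authentication line is assumed to mirror it, and the secondary server address, shared secret, local password and timer values are placeholders or illustrative assumptions.

```cisco
! Added example. <SECONDARY_RADIUS_IP>, <SHARED_SECRET> and <LOCAL_PASSWORD>
! are placeholders; timeout/retransmit/deadtime values are illustrative.
!
! Safety net when changing AAA over a remote session (exec mode, not config):
!   reload in 10      <- if you lock yourself out, the device reboots to the
!                        saved startup-config (so do not save until verified)
!   reload cancel     <- once a second session has logged in successfully
!
aaa new-model
!
! A named list only affects lines/services that reference it; the "default"
! list applies to every line that names no list, console included.
aaa authentication login CREDS group radius local
aaa authorization exec CREDS group radius local if-authenticated
!
! Servers in "group radius" are tried in the order they are configured.
radius-server host 10.11.8.252 auth-port 1812 acct-port 1813 key <SHARED_SECRET>
radius-server host <SECONDARY_RADIUS_IP> auth-port 1812 acct-port 1813 key <SHARED_SECRET>
radius-server timeout 3
radius-server retransmit 2
radius-server deadtime 5
!
! "local" is consulted only when no RADIUS server answers. An Access-Reject
! from a reachable server ends the attempt; it does not fall through to local.
! "secret" stores a hash instead of the reversible type 7 encoding.
username shaun.local privilege 15 secret <LOCAL_PASSWORD>
!
ip http authentication aaa login-authentication CREDS
ip http authentication aaa exec-authorization CREDS
!
line vty 0 4
 login authentication CREDS
 authorization exec CREDS
```

Keep the existing session open while testing a new login from a second one, and save the configuration only after both the RADIUS path and the local fallback (RADIUS servers unreachable) have been confirmed.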