Solved

Cisco 1921 AAA setup on has two options

Posted on 2011-03-04
10
1,350 Views
Last Modified: 2012-05-11
Working on configuring a 1921 router.  I am trying to setup aaa in the same way the ASA 5500 series are setup.  In the ASA you can setup server groups and there are several protocol choices including ntdomain.  In the 1921 the only options are radius and tacacs+.  Is there a license I am missing to get the other types or is the 1921 not capable of handling the other protocols?
0
Comment
Question by:dmwynne
  • 4
  • 3
10 Comments
 
LVL 14

Author Comment

by:dmwynne
Comment Utility

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(3)T, RELE                         ASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 15-Nov-10 21:08 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

Montreal1921 uptime is 22 hours, 51 minutes
System returned to ROM by reload at 21:30:18 UTC Thu Mar 3 2011
System image file is "flash:/c1900-universalk9-mz.SPA.151-3.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO1921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1450039J
6 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250864K bytes of USB Flash usbflash0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO1921/K9          FTX1450039J



Technology Package License Information for Module:'c1900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Permanent     securityk9
data          None          None          None

Configuration register is 0x2102

Open in new window

0
 
LVL 2

Expert Comment

by:mi-sir
Comment Utility
You are running version 15.0 and ldap was introduced in 15.1(1)T.. so you need an upgrade
than here is ldap configuration guide
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_ldap.html
0
 
LVL 14

Author Comment

by:dmwynne
Comment Utility
Doesn't line 10 show I am runing 15.1-3 IOS?

Line 10 - System image file is "flash:/c1900-universalk9-mz.SPA.151-3.T.bin"
0
 
LVL 2

Expert Comment

by:mi-sir
Comment Utility
ahh sorry I over looked it so check the link about LDAP config
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 14

Author Comment

by:dmwynne
Comment Utility
OK but I was wondering if this the 1921 had the options that the ASA has.
Noname.jpg
0
 
LVL 2

Expert Comment

by:mi-sir
Comment Utility
OK didnt know you want to use GUI... not familiar with SDM I prefere CLI and  yes there you can specify
to aaa against LDAP i guess it should be in GUI too
0
 
LVL 14

Author Comment

by:dmwynne
Comment Utility
don't really need to use the Gui I just used that screenshot to show what I was referring to.  But I don't think ldap is what I want, I need the nt domain.
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
Comment Utility
It appears that the authentication methods available are:  RADIUS, tacacs+, LDAP, and local database.

NT Domain is not available for IOS-based devices.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now