Solved

Cisco 1921 AAA setup on has two options

Posted on 2011-03-04
10
1,395 Views
Last Modified: 2012-05-11
Working on configuring a 1921 router.  I am trying to setup aaa in the same way the ASA 5500 series are setup.  In the ASA you can setup server groups and there are several protocol choices including ntdomain.  In the 1921 the only options are radius and tacacs+.  Is there a license I am missing to get the other types or is the 1921 not capable of handling the other protocols?
0
Comment
Question by:dmwynne
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
10 Comments
 
LVL 14

Author Comment

by:dmwynne
ID: 35039640

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(3)T, RELE                         ASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 15-Nov-10 21:08 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

Montreal1921 uptime is 22 hours, 51 minutes
System returned to ROM by reload at 21:30:18 UTC Thu Mar 3 2011
System image file is "flash:/c1900-universalk9-mz.SPA.151-3.T.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO1921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1450039J
6 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250864K bytes of USB Flash usbflash0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO1921/K9          FTX1450039J



Technology Package License Information for Module:'c1900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Permanent     securityk9
data          None          None          None

Configuration register is 0x2102

Open in new window

0
 
LVL 2

Expert Comment

by:mi-sir
ID: 35039880
You are running version 15.0 and ldap was introduced in 15.1(1)T.. so you need an upgrade
than here is ldap configuration guide
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_ldap.html
0
 
LVL 14

Author Comment

by:dmwynne
ID: 35040064
Doesn't line 10 show I am runing 15.1-3 IOS?

Line 10 - System image file is "flash:/c1900-universalk9-mz.SPA.151-3.T.bin"
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:mi-sir
ID: 35040084
ahh sorry I over looked it so check the link about LDAP config
0
 
LVL 14

Author Comment

by:dmwynne
ID: 35040206
OK but I was wondering if this the 1921 had the options that the ASA has.
Noname.jpg
0
 
LVL 2

Expert Comment

by:mi-sir
ID: 35040287
OK didnt know you want to use GUI... not familiar with SDM I prefere CLI and  yes there you can specify
to aaa against LDAP i guess it should be in GUI too
0
 
LVL 14

Author Comment

by:dmwynne
ID: 35040611
don't really need to use the Gui I just used that screenshot to show what I was referring to.  But I don't think ldap is what I want, I need the nt domain.
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 35063027
It appears that the authentication methods available are:  RADIUS, tacacs+, LDAP, and local database.

NT Domain is not available for IOS-based devices.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question