
Deploying AAA Radius on working infrastructure

from88
Level 4

Hello,

I'm getting ready to deploy a RADIUS centralized authentication and authorization model to our current DC network, which is now based on local auth. I have some thoughts on how to enable it safely and not end up in a lockout situation. For example, on the different IOS devices, make sure that I have a console connection. Configure AAA methods not with default lists but with explicitly named ones, enable them first on the VTY lines and see if it's working correctly. Also, always leave one session open and try to open a new session in a new tab. If everything is OK, do it on the console line. Also, IOS XR has commit confirmed options.
Maybe you have some other practical advice?


Thanks

1 Reply 1

Hello,

A local username and password in combination with a fallback to local should prevent any lockout:

username username password password
aaa authentication login default group radius local

Additionally, you can configure the console and/or vty to use a predefined password:

aaa authentication login CONSOLE line

line con 0
exec-timeout 0 0
password password
login authentication CONSOLE

Or use the locally defined username and password to authenticate:

aaa authentication login CONSOLE local
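
A pre-change check for the lockout conditions discussed in this thread, as an added example that is not part of the original posts: it parses IOS-style configuration text and flags login method lists with no on-box fallback, a `local` fallback with no local user, and lines that reference an undefined list. The sample config, the list names and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): one list lacks a fallback, one line
# references a list that was never defined.
SAMPLE_CONFIG = """\
aaa new-model
username admin privilege 15 secret EXAMPLE-ONLY
aaa authentication login VTY-RADIUS group radius local
aaa authentication login CONSOLE local
aaa authentication login RADIUS-ONLY group radius
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication RADIUS-ONLY
line vty 5 15
 login authentication MISSING
"""

ON_BOX = {"local", "local-case", "line", "enable"}  # methods that need no server

def audit(config):
    """Return a list of lockout-risk findings for IOS-style config text."""
    lists, applied, findings = {}, {}, []
    has_user, line = False, None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            line = None  # a top-level command ends any "line ..." sub-mode
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = m.group(2).split()
        elif re.match(r"username \S+ \S", text):
            has_user = True
        elif raw.startswith("line "):
            line = text
        elif line and (m := re.match(r"login authentication (\S+)", text)):
            applied[line] = m.group(1)
    for name, methods in lists.items():
        if methods[-1] not in ON_BOX:
            findings.append(f"list {name}: no on-box fallback after '{' '.join(methods)}'")
        if {"local", "local-case"} & set(methods) and not has_user:
            findings.append(f"list {name}: falls back to local but no username is configured")
    for line, name in applied.items():
        if name != "default" and name not in lists:
            findings.append(f"{line}: references undefined method list {name}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

IOS moves to the next method in a list only when the RADIUS servers do not respond, not when they reject the login, so a clean audit still needs the open-session test described in the question.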
