[cisco-nas] 2 radius server for a nas

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sat Mar 13 03:51:42 EST 2004


Hi Rivo,

> I use as5350 nas and a radius server but need to give restricted
> access to guest users and can't give access to these users to change
> their passwords on the radius server, is it possible to have a local
> authentication for these users and radius for normal users or use two
> radius servers, one for normal users and another for guests?    

Can you introduce a different DNIS for guests? If so you can ether use
RPM to assign a different template which references a local ppp
authentication/authorization method or use the "aaa dnis map
{authentication|authorization}" feature on your "regular" users' DNIS to
assign your "normal" AAA server group for this DNIS while configuring
"aaa authen ppp default local"/"aaa author network default local" to be
used by all other DNIS.

But maybe you can also prevent guest users from changing their password
on your Radius server?

	oli



More information about the cisco-nas mailing list