[cisco-nas] 2 radius server for a nas

jc jc at isnet.net
Mon Mar 15 08:40:28 EST 2004


On Sat, 13 Mar 2004, Oliver Boehmer (oboehmer) wrote:

> > I use as5350 nas and a radius server but need to give restricted
> > access to guest users and can't give access to these users to change
> > their passwords on the radius server, is it possible to have a local
> > authentication for these users and radius for normal users or use two
> > radius servers, one for normal users and another for guests?
>
> Can you introduce a different DNIS for guests? If so you can ether use
> RPM to assign a different template which references a local ppp
> authentication/authorization method or use the "aaa dnis map
> {authentication|authorization}" feature on your "regular" users' DNIS to
> assign your "normal" AAA server group for this DNIS while configuring
> "aaa authen ppp default local"/"aaa author network default local" to be
> used by all other DNIS.
>
> But maybe you can also prevent guest users from changing their password
> on your Radius server?

how about just assigning an acl via cisco-avpairs to restrict the 'guest'
users to whichever access required ?

j.




More information about the cisco-nas mailing list