[c-nsp] Authorization configuration help request

Craig Gauss GAUCRA at rhahealthcare.org
Wed Apr 27 17:43:24 EDT 2005


We are currently having our switches authenticate anyone telnetting to
them by using MS IAS.  It is working great; we are also doing this with
our 1200 WAPs.

I hate using it, but I have been asked to enable the web interface on the
switches also, and I notice that on 3524s the web interface works fine, but the
3550s don't seem to be authenticating correctly.

Current config on the switches:
aaa new-model
aaa authentication login default group radius
aaa authentication login if_needed local
aaa authorization exec default group radius if-authenticated

ip http server
ip http authentication aaa
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server key xxxxxxxxx

privilege exec level 2 enable

line con 0
 privilege level 2
 login authentication if_needed


From what I am seeing, when I telnet, the IAS box is getting the request,
but when I try to http to the 3550s it does not.  The 3524s are going
through IAS to authenticate.

Any ideas?

Also, is there a way to set up the authentication like this on 1605
routers, PIX 515, or the 3005 VPN Concentrator?


