[cisco-voip] OT Radius authentication with a 2800 router

Go0se me at go0se.com
Tue Jan 4 10:23:01 EST 2011


I don't know how many routers you would have to touch but even if there were
a solution it would be a pain to have to go touch each one. Simply create a
generic AD account and if they are worried about network/workstation access
don't give the account logon rights on your domain. It will still be able to
log into your network devices. 
 
Thanks,

Go0se

My blog:
http://atc.go0se.com

--------------------------------------------
Help Hopegivers International
Feed the orphans of Haiti and India
http://www.hopegivers.org
--------------------------------------------

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jason Aarons (US)
Sent: Monday, January 03, 2011 7:03 PM
To: Mike King; Cisco VoIPoE List
Subject: Re: [cisco-voip] OT Radius authentication with a 2800 router

Correct, you need to add them to AD. The fallback method is local usually.

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Mike King
Sent: Monday, January 03, 2011 11:03 AM
To: Cisco VoIPoE List
Subject: [cisco-voip] OT Radius authentication with a 2800 router

Sorry for the slightly off topic question.

We've been using Radius authentication with our 2800 routers for a while,
but I've been handed an interesting directive.

We have a third party that will need access to our 2800 routers.  I've been
asked to make a local account on the 2800's, as management does not want to
added them to the directory (Active Directory)  We're using Microsoft NPS
(IAS for Server 2008) as a radius backend.

Unfortunately, it's been my experience, when you enable RADIUS, you cannot
login with local accounts unless the RADIUS server does not respond.

Am I missing an easy way to do this?

Mike
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
-----------------------------------------
Disclaimer:

This e-mail communication and any attachments may contain confidential and
privileged information and is for use by the designated addressee(s) named
above only.  If you are not the intended addressee, you are hereby notified
that you have received this communication in error and that any use or
reproduction of this email or its contents is strictly prohibited and may be
unlawful.  If you have received this communication in error, please notify
us immediately by replying to this message and deleting it from your
computer. Thank you.

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip



More information about the cisco-voip mailing list