[cisco-voip] OT Radius authentication with a 2800 router

Lelio Fulgenzi lelio at uoguelph.ca
Tue Jan 4 10:25:11 EST 2011


And you can easily disable the account and enable it when required (if 24hr/7day/wk access is not required). If you had to create a local account on each router and a security issue arose, bad news. 

--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 


----- Original Message -----
From: "Go0se" <me at go0se.com> 
To: "Jason Aarons (US)" <jason.aarons at us.didata.com>, "Mike King" <me at mpking.com>, "Cisco VoIPoE List" <cisco-voip at puck.nether.net> 
Sent: Tuesday, January 4, 2011 10:23:01 AM 
Subject: Re: [cisco-voip] OT Radius authentication with a 2800 router 

I don't know how many routers you would have to touch but even if there were 
a solution it would be a pain to have to go touch each one. Simply create a 
generic AD account and if they are worried about network/workstation access 
don't give the account logon rights on your domain. It will still be able to 
log into your network devices. 

Thanks, 

Go0se 

My blog: 
http://atc.go0se.com 

-------------------------------------------- 
Help Hopegivers International 
Feed the orphans of Haiti and India 
http://www.hopegivers.org 
-------------------------------------------- 

-----Original Message----- 
From: cisco-voip-bounces at puck.nether.net 
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Jason Aarons (US) 
Sent: Monday, January 03, 2011 7:03 PM 
To: Mike King; Cisco VoIPoE List 
Subject: Re: [cisco-voip] OT Radius authentication with a 2800 router 

Correct, you need to add them to AD. The fallback method is local usually. 

-----Original Message----- 
From: cisco-voip-bounces at puck.nether.net 
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Mike King 
Sent: Monday, January 03, 2011 11:03 AM 
To: Cisco VoIPoE List 
Subject: [cisco-voip] OT Radius authentication with a 2800 router 

Sorry for the slightly off topic question. 

We've been using Radius authentication with our 2800 routers for a while, 
but I've been handed an interesting directive. 

We have a third party that will need access to our 2800 routers. I've been 
asked to make a local account on the 2800's, as management does not want to 
add them to the directory (Active Directory). We're using Microsoft NPS 
(IAS for Server 2008) as a radius backend. 

Unfortunately, it's been my experience, when you enable RADIUS, you cannot 
login with local accounts unless the RADIUS server does not respond. 

Am I missing an easy way to do this? 

Mike 
_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 
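
The behaviour described in the original question (local accounts only usable when the RADIUS server does not respond) follows from how an IOS login method list is walked: a reject from RADIUS is final, and only a non-response moves on to the next method. The Python model below is an added illustration, not part of the thread; the method-list line in the comment is an assumed typical configuration, the account names and passwords are constructed, and the `local` method is simplified to always give an answer.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected
    ERROR = "error"  # method gave no answer (e.g. RADIUS timeout)

def radius_method(directory, reachable):
    """Model of 'group radius' backed by a directory (AD behind NPS)."""
    def check(user, password):
        if not reachable:
            return Result.ERROR
        return Result.PASS if directory.get(user) == password else Result.FAIL
    return check

def local_method(local_users):
    """Model of 'local'; simplified so that it always gives an answer."""
    def check(user, password):
        return Result.PASS if local_users.get(user) == password else Result.FAIL
    return check

def login(methods, user, password):
    """Walk the list in order; only ERROR moves on to the next method."""
    for name, method in methods:
        result = method(user, password)
        if result is not Result.ERROR:
            return name, result
    return None, Result.FAIL  # every method errored out: deny

# Constructed sample data: one directory user, one router-local third-party user.
DIRECTORY = {"netadmin": "dir-pass"}
LOCAL = {"vendor": "local-pass"}

def method_list(radius_up, directory=DIRECTORY):
    # Assumed config: aaa authentication login default group radius local
    return [("radius", radius_method(directory, radius_up)),
            ("local", local_method(LOCAL))]

if __name__ == "__main__":
    for up in (True, False):
        for user, pw in (("netadmin", "dir-pass"), ("vendor", "local-pass")):
            print(f"radius_up={up} {user}: {login(method_list(up), user, pw)}")
```

Passing a directory that contains the third-party account models the approach suggested in the replies: the account then authenticates through RADIUS on every router, and removing or disabling it in one place denies it everywhere.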