Cisco Radiusanbindung: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=Einfache Anbindung= *radius-server host 192.168.244.49 auth-port 1812 acct-port 1813 *radius-server key 7 105D100A04131F =Login= *aaa authentication login def…“) |
Thomas (Diskussion | Beiträge) |
||
| (11 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
=Einfache Anbindung= | =Einfache Anbindung= | ||
| − | *radius-server host 192.168.244. | + | *radius-server host 192.168.244.129 auth-port 1812 acct-port 1813 |
| − | *radius-server key | + | *radius-server key 0 sysadm |
| + | *radius-server vsa send accounting | ||
| + | *radius-server vsa send authentication | ||
| + | |||
=Login= | =Login= | ||
| + | *aaa new-model | ||
*aaa authentication login default group radius local | *aaa authentication login default group radius local | ||
| + | *aaa authorization exec default group radius local if-authenticated | ||
| + | |||
| + | =Example= | ||
| + | <pre> | ||
| + | aaa new-model | ||
| + | aaa authentication login default group radius local | ||
| + | aaa authentication login vty-login group radius local | ||
| + | aaa authentication enable default enable | ||
| + | aaa authorization exec default group radius local if-authenticated | ||
| + | aaa accounting exec default start-stop group radius | ||
| + | </pre> | ||
| + | |||
| + | =Beides Radius und Local= | ||
| + | <pre> | ||
| + | aaa new-model | ||
| + | ! | ||
| + | ! | ||
| + | aaa authentication login default local group radius | ||
| + | aaa authorization exec default local group radius if-authenticated | ||
| + | aaa accounting dot1x default start-stop group radius | ||
| + | </pre> | ||
| + | |||
| + | =Links= | ||
| + | *http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/116291-configure-freeradius-00.html | ||
| + | *http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html | ||
| + | *http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfathen.html | ||
Aktuelle Version vom 7. Juni 2016, 12:51 Uhr
Einfache Anbindung
- radius-server host 192.168.244.129 auth-port 1812 acct-port 1813
- radius-server key 0 sysadm
- radius-server vsa send accounting
- radius-server vsa send authentication
Login
- aaa new-model
- aaa authentication login default group radius local
- aaa authorization exec default group radius local if-authenticated
Example
aaa new-model aaa authentication login default group radius local aaa authentication login vty-login group radius local aaa authentication enable default enable aaa authorization exec default group radius local if-authenticated aaa accounting exec default start-stop group radius
Beides Radius und Local
aaa new-model ! ! aaa authentication login default local group radius aaa authorization exec default local group radius if-authenticated aaa accounting dot1x default start-stop group radius
Links
- http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/116291-configure-freeradius-00.html
- http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
- http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/command/reference/fsecur_r/srfathen.html