How to use RADIUS on Cisco ASA for Shell and Web Authentication
Assume the RADIUS Servers are:
Cisco ACS Server 1 | 10.120.10.11
Cisco ACS Server 2 | 10.120.10.12
[sourcecode gutter="false" autolinks="false"]
aaa-server AAA-RADIUS protocol radius
!
aaa-server AAA-RADIUS (Management) host 10.120.10.11
key YYYYXXXYYY
!
aaa-server AAA-RADIUS (Management) host 10.120.10.12
key YYYYXXXYYY
!
! Delete the old local only configuration
no aaa authentication http console LOCAL
no aaa authentication ssh console LOCAL
!
aaa authentication http console AAA-RADIUS LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
aaa authentication enable console AAA-RADIUS LOCAL
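! Note: the ASA command reference documents "aaa authorization command" for
! LOCAL or a TACACS+ server group; confirm this line is accepted with a RADIUS group
aaa authorization command AAA-RADIUS LOCAL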
!
[/sourcecode]
If you have already configured AAA for SSH, you might see something like:
[sourcecode autolinks="false" gutter="false" highlight="2"]
asa1(config)# aaa authentication ssh console AAA-RADIUS LOCAL
Range already exists.
[/sourcecode]
In that case, you must first disable the existing aaa authentication and then add the new settings.
[sourcecode autolinks="false" gutter="false"]
no aaa authentication ssh console LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
[/sourcecode]
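The following added example, not part of the original post, audits an ASA configuration for the lockout risks this change can introduce: an undefined server group, a RADIUS host without a key, a console line without LOCAL fallback, or a LOCAL fallback with no local user to fall back to. The `username` line in the sample is a constructed assumption; the post's configuration does not show one.

```python
import re

# Constructed sample: the post's AAA lines plus a hypothetical local fallback user.
SAMPLE = """\
aaa-server AAA-RADIUS protocol radius
aaa-server AAA-RADIUS (Management) host 10.120.10.11
 key YYYYXXXYYY
aaa-server AAA-RADIUS (Management) host 10.120.10.12
 key YYYYXXXYYY
username fallback-admin password <placeholder> privilege 15
aaa authentication http console AAA-RADIUS LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
aaa authentication enable console AAA-RADIUS LOCAL
"""

def audit_aaa(config):
    """Return a list of findings for the console-authentication lines."""
    groups, keyed, auth, local_user, host = set(), {}, [], False, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa-server (\S+) protocol \S+", line):
            groups.add(m.group(1))                 # server group definition
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line):
            host = (m.group(1), m.group(2))        # following "key" belongs here
            keyed.setdefault(host, False)
        elif line.startswith("key ") and host:
            keyed[host] = True
        elif line.startswith("username "):
            local_user = True                      # a local account exists
        elif m := re.match(r"aaa authentication (\S+) console (.+)", line):
            auth.append((m.group(1), m.group(2).split()))
    findings = []
    for (group, ip), has_key in keyed.items():
        if not has_key:
            findings.append(f"{group} host {ip}: no shared key configured")
    for service, methods in auth:
        for g in methods:
            if g != "LOCAL" and g not in groups:
                findings.append(f"{service}: server group {g} is not defined")
        if methods[-1] != "LOCAL":
            findings.append(f"{service}: no LOCAL fallback when RADIUS is unreachable")
        elif not local_user:
            findings.append(f"{service}: LOCAL fallback listed but no local username exists")
    return findings
```

Feed it the AAA and username lines from the device's running configuration before removing the old LOCAL-only lines; an empty list means none of these four conditions was found.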