How to use RADIUS for Authentication

How to use RADIUS on Cisco ASA for Shell and Web Authentication

Assume the RADIUS Servers are:

Cisco ACS Server 1 10.120.10.11
Cisco ACS Server 2 10.120.10.12

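[sourcecode gutter="false" autolinks="false"]
! Define the RADIUS server group
aaa-server AAA-RADIUS protocol radius
!
! Both ACS servers are reached via the Management interface;
! the key is the RADIUS shared secret (placeholder value)
aaa-server AAA-RADIUS (Management) host 10.120.10.11
 key YYYYXXXYYY
!
aaa-server AAA-RADIUS (Management) host 10.120.10.12
 key YYYYXXXYYY
!
! Delete the old local only configuration
no aaa authentication http console LOCAL
no aaa authentication ssh console LOCAL
!
! LOCAL after the group name is the fallback used when no RADIUS server responds
aaa authentication http console AAA-RADIUS LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
aaa authentication enable console AAA-RADIUS LOCAL
! The ASA documents command authorization for TACACS+ server groups and LOCAL,
! so expect this line to be rejected when the group is RADIUS
aaa authorization command AAA-RADIUS LOCAL
!
[/sourcecode]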

If you have already configured AAA for SSH, you might see something like:

[sourcecode autolinks="false" gutter="false" highlight="2"]
asa1(config)# aaa authentication ssh console AAA-RADIUS LOCAL
Range already exists.
[/sourcecode]

Then you must first disable the existing aaa authentication and then add the new settings.

[sourcecode autolinks="false" gutter="false"]
no aaa authentication ssh console LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
[/sourcecode]
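
An offline check for the configuration above, added here as an example (it is not part of the original post): it parses the ASA AAA lines and reports method lists that reference an undefined or host-less server group, lack the LOCAL fallback, or point command authorization at a group that is not TACACS+. The function name `audit_aaa`, the finding strings and the sample text (constructed from the listing on this page) are assumptions of this example.

```python
import re

# Constructed sample: the AAA lines from this page as one string.
SAMPLE_CONFIG = """\
aaa-server AAA-RADIUS protocol radius
aaa-server AAA-RADIUS (Management) host 10.120.10.11
 key YYYYXXXYYY
aaa-server AAA-RADIUS (Management) host 10.120.10.12
 key YYYYXXXYYY
aaa authentication http console AAA-RADIUS LOCAL
aaa authentication ssh console AAA-RADIUS LOCAL
aaa authentication enable console AAA-RADIUS LOCAL
aaa authorization command AAA-RADIUS LOCAL
"""

def audit_aaa(config):
    """Return a list of findings for the AAA lines of an ASA configuration."""
    protocols, hosts, findings = {}, {}, []
    lines = [line.strip() for line in config.splitlines()]
    # Pass 1: collect server groups, their protocol and their hosts.
    for line in lines:
        m = re.match(r"aaa-server (\S+) protocol (\S+)$", line)
        if m:
            protocols[m.group(1)] = m.group(2).lower()
        m = re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line)
        if m:
            hosts.setdefault(m.group(1), []).append(m.group(2))
    # Pass 2: check every console authentication / command authorization line.
    for line in lines:
        m = re.match(r"aaa (authentication \S+ console|authorization command) (.+)$", line)
        if not m:
            continue
        what, methods = m.group(1), m.group(2).split()
        group = methods[0]
        if group == "LOCAL":
            continue  # local database only, nothing to cross-check
        if group not in protocols:
            findings.append(f"{what}: server group {group} is not defined")
        elif not hosts.get(group):
            findings.append(f"{what}: server group {group} has no hosts")
        if "LOCAL" not in methods[1:]:
            findings.append(f"{what}: no LOCAL fallback if {group} is unreachable")
        if what == "authorization command" and protocols.get(group) != "tacacs+":
            findings.append(f"{what}: {group} is not a TACACS+ group")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```

Run it against a saved copy of the running configuration before pasting changes into the firewall; an empty list means none of these three conditions was found.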

If you feel this helps a bit, or maybe not, please leave a comment.
