Nice Article. I was getting ready to look at TACACS or Cisco's Radius product.

I'm going to have to research this on my own now!
Thanks!
I'm worried about using "unencrypted authentication". Does this mean that passwords will be sent in "clear text"? At least when I console in I don't have to worry about this.
And if you're using telnet to get to the console, you're sending them clear text anyway.
So the question remains: if someone is sniffing your network, what good is configuring SSH connections to your network devices when the IAS authentication is still going over plaintext??
A week?
Fred123456 4th May 2007
Quick someone open the wormhole and make it tomorrow!
Log Files
PureCoffee 7th May 2007
We use the IAS for VPN connections to the LAN. We can clearly see when a person authenticates and logs on, but is there a way to capture when a person ends the session?

Logoff log
ITfor20+ 7th May 2007
Yes and no - Radius/IAS does not support the notion of "log-off" as it is an authentication service.

But virtually all VPN solutions (at least the 3-4 I have worked with) can keep extensive logs - in most cases you need to configure the appliance/service to keep the log and most will also send the log activity to another server.
Excellent article! I look forward to the second part on the Cisco side.
Please hurry with the Cisco side of the config.
Cisco side of config
ITfor20+ Updated - 8th May 2007
You can find what you need if you search on the Cisco website.

Try searching for something like "console login authentication" - you are more-or-less setting up TACACS+. What you will find is likely more complex than will be found here, but is doable.

BTW: I am not sure why the article above used only PAP (unencrypted), as CHAP should also work - there are MS-specific instructions at Cisco, if I am not mistaken.

GOOD LUCK
Is there a way to combine the use of the Windows AD credentials AND use a secure connectivity protocol such as SSH (version 2)?
Would Kerberos provide necessary security on ADS credentials?
Is there a way to use a wildcard for the RADIUS clients and use a subnet definition to allow clients access to the RADIUS server?

If you are running an AD forest with multiple domains, you will need to add the "DOMAIN\" before the user name (though I have found that you do not need to do this for the domain the IAS server is joined to) when logging in to the Cisco Device and that you may have to add the IAS Server(s) to each domain's "RAS and IAS Servers" group.
Full of knowledge and good information. I am visiting this site for the 1st time.
But how can I see the switch and routes setup, which is next?
So next week means Monday June 9, 2008.
Please advise.
Thanks
Tom
Tomja_1978@yahoo.com
How to configure privilege levels for users? I tried using some help from some sites, but it did not work out for me. Can anybody tell me the steps?
thanks
pardeep

Anyone know or have the setup for Server 2008, since it's no longer IAS and now NPS? We are now being told that we have to use AD to authenticate all of our routers/switches/firewalls and so on. All routers and switches are Cisco devices, but the firewall is a Juniper Netscreen. Any info would help out!

Thanks in advance

Hello, I want to set up RADIUS authentication on my wireless network so that every laptop needs a username & password. Currently I am using 2003 Standard Edition as the domain. I want to use a user group of my domain's Active Directory. I already tried but did not succeed. Actually, I created a group named WIFI access and added some users, and a Linksys wrh54g router as the main AP. I registered the IAS in Active Directory and the router as a client. In the WiFi AP's security I chose Radius. Now laptops are prompted for username and password but are not connected to the WiFi net. Please help.