> I would like to use the 'test' feature of radius-server in order
that
> the router can detect dead servers faster. I've got the following
line:
>
> radius-server host x.x.x.13 auth-port 1812 acct-port 1813 timeout 5
test
> username servercheck idle-time 1 key XXXXXXXXXX
>
> The 'servercheck' name has to be in the router's local user
database,
> but by doing so, this user can then be used to log into the router.
I'd
> rather not allow this if possible and would like to know if anyone can
> tell me how I might set this user name up to not be useful for
anything
> else other than this test argument?
hmm, assuming you only use "local" as last-resort for login authen/
author, you could define this user with "autocommand exit", so if
someone ever uses it when Tacacs is down, the session disconnects right
away.
oli
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
