> I would like to use the 'test' feature of radius-server in order that > the router can detect dead servers faster. I've got the following line: > > radius-server host x.x.x.13 auth-port 1812 acct-port 1813 timeout 5 test > username servercheck idle-time 1 key XXXXXXXXXX > > The 'servercheck' name has to be in the router's local user database, > but by doing so, this user can then be used to log into the router. I'd > rather not allow this if possible and would like to know if anyone can > tell me how I might set this user name up to not be useful for anything > else other than this test argument?
hmm, assuming you only use "local" as last-resort for login authen/ author, you could define this user with "autocommand exit", so if someone ever uses it when Tacacs is down, the session disconnects right away. oli _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/