If you already have aaa new-model, all you will require are:
--> > radius-server host <hostname>
--> > radius-server key <password>
--> > aaa authentication ppp default tacacs+ radius
Assuming it is PPP you wish to authenticate from these AAA services.
JWR
On Mon, Feb 14, 2000 at 12:25:04PM +0000, Gerardo Soto said:
--> Hello Jonathon:
-->
--> I deeply appreciate your explanation and it really heleped me a
--> lot, but ( forgive my ignorance ) I still have a doubt about it . Can I
--> Just modify one line and save it ? I mean , is this not the same as the
--> access-lists , what I mean by that is that when you want to modify a rule
--> with your incoming or outgoing access-lists you have to erase it all and
--> then rewrite it ( you know the no access-list xxx command) . When you
--> mention about tha new-model command will that erase a previous one a leave
--> only the one I am introducing ? or will it modify only the lines affected?
-->
--> The reazon for this question is that I have a few addittional aaa commands
--> like :
-->
--> aaa aaa new-model
--> aaa authentication login default tacacs+ enable local
--> aaa authentication ppp default tacacs+
--> aaa authorization exec none local
--> aaa authorization commands 1 none
--> aaa accounting exec start-stop tacacs+
--> aaa accounting network start-stop tacacs+
--> aaa accounting connection wait-start tacacs+enable secret 5
--> enable password
--> !
-->
--> I understand perfectly what you say but I as you can tell I do not
--> know what will happen to rest of my aaa conf.
--> Hope you can help me out .
-->
--> THANKS!!!
-->
--> > Quite straightforward, as a quick read of the documentation available on
--> > CCO would have told you. This is assuming your IOS image supports RADIUS
--> > (some don't):
--> >
--> > radius-server host <hostname>
--> > radius-server key <password>
--> > <insert-tacacs-server-config>
--> > aaa new-model
--> > aaa authentication ppp default tacacs+ radius
--> >
--> > ie: radius is only consulted if the tacacs+ server FAILS. If the
--> > tacacs+ server denies the user, radius is never consulted.
--> >
--> > JWR
--> >
-->
--
+---------------------------------------------------+----------------------+
| Jonathon W. Ross | Web: www.isa.net.au |
| Systems Administrator | Tel: +61 2 6230 4444 |
| Internet Solutions Australia Pty Ltd | Fax: +61 2 6230 4455 |
| Wholly Owned Subsidiary of Ramsgate Resources Ltd | ACN: 086 692 211 |
+---------------------------------------------------+----------------------+
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
