I would like to use the 'test' feature of radius-server in order that the router can detect dead servers faster. I've got the following line:

radius-server host x.x.x.13 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key XX

The 'servercheck' name has to be in the router's local user database, but by doing so, this user can then be used to log into the router. I'd rather not allow this if possible and would like to know if anyone can tell me how I might set this user name up to not be useful for anything else other than this test argument?

hmm, assuming you only use local as last-resort for login authen/author, you could define this user with autocommand exit, so if someone ever uses it when Tacacs is down, the session disconnects right away.
oli
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
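
One way to check a saved configuration for the situation discussed in this thread, as an added example that is not part of the original posts: it finds every radius-server 'test username' and reports whether a local account of that name exists without 'autocommand exit'. The sample configuration, the addresses, the extra user names and the assumption that autocommand appears on its own 'username' line are all constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
username admin privilege 15 secret 5 CONSTRUCTED
username servercheck password 0 CONSTRUCTED
username probe2 password 0 CONSTRUCTED
username probe2 autocommand exit
radius-server host 192.0.2.13 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key CONSTRUCTED
radius-server host 192.0.2.14 auth-port 1812 acct-port 1813 test username probe2 idle-time 1 key CONSTRUCTED
radius-server host 192.0.2.15 test username probe3 idle-time 1 key CONSTRUCTED
"""

# Name used by the automated dead-server test on each radius-server host line.
TEST_USER = re.compile(r"^radius-server host \S+ .*\btest username (\S+)", re.M)
# Local user database entries; one user may span several lines.
LOCAL_USER = re.compile(r"^username (\S+)[ \t]+(.*)$", re.M)

NO_LOCAL = "no local account"
LOCKED = "local account, autocommand exit"
OPEN = "local account, interactive login possible"


def audit_test_users(config):
    """Return {test_username: status} for every radius-server test username."""
    local = {}
    for name, rest in LOCAL_USER.findall(config):
        local.setdefault(name, []).append(rest.strip())
    report = {}
    for name in TEST_USER.findall(config):
        if name not in local:
            report[name] = NO_LOCAL
        elif any(re.search(r"\bautocommand exit\b", r) for r in local[name]):
            # The mitigation suggested in the reply: session ends at login.
            report[name] = LOCKED
        else:
            report[name] = OPEN
    return report


if __name__ == "__main__":
    for user, status in audit_test_users(SAMPLE_CONFIG).items():
        print(f"{user}: {status}")
```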