Re: [c-nsp] radius-server test argument

2012-06-18 Thread Oliver Boehmer (oboehmer)
 
> I would like to use the 'test' feature of radius-server in order that
> the router can detect dead servers faster. I've got the following line:
>
> radius-server host x.x.x.13 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key XX
>
> The 'servercheck' name has to be in the router's local user database,
> but by doing so, this user can then be used to log into the router. I'd
> rather not allow this if possible and would like to know if anyone can
> tell me how I might set this user name up to not be useful for anything
> else other than this test argument?

hmm, assuming you only use local as last-resort for login authen/author,
you could define this user with autocommand exit, so if someone ever uses
it when Tacacs is down, the session disconnects right away.

oli

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
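
Added example, not part of the thread or of any Cisco tooling: a Python check that reads an IOS configuration, finds every name used in `radius-server host ... test username`, and reports whether a local `username` entry of that name exists without the `autocommand exit` suggested above. The sample configuration, the function name `audit_test_users` and the status strings are constructed for illustration.

```python
import re

# Constructed sample config: addresses are documentation ranges, secrets are placeholders.
SAMPLE_CONFIG = """\
aaa authentication login default group radius local
username admin privilege 15 secret 5 PLACEHOLDER
username servercheck secret 5 PLACEHOLDER
username probe2 privilege 0 secret 5 PLACEHOLDER
username probe2 autocommand exit
radius-server host 192.0.2.13 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key PLACEHOLDER
radius-server host 192.0.2.14 auth-port 1812 acct-port 1813 test username probe2 idle-time 1 key PLACEHOLDER
radius-server host 192.0.2.15 auth-port 1812 acct-port 1813 test username nolocal key PLACEHOLDER
"""

# Name given to the automated server test on a 'radius-server host' line.
TEST_USER = re.compile(r"^radius-server host \S+ .*?\btest username (\S+)", re.M)
# Local account lines; one account may be spread over several 'username' lines.
LOCAL_USER = re.compile(r"^username (\S+)(?: (.*))?$", re.M)


def audit_test_users(config: str) -> dict:
    """Map each RADIUS test username to the state of its local account."""
    local = {}
    for name, opts in LOCAL_USER.findall(config):
        local.setdefault(name, []).append(opts.strip())

    result = {}
    for name in TEST_USER.findall(config):
        if name not in local:
            result[name] = "no-local-account"
        elif any(re.search(r"\bautocommand\s+exit\s*$", o) for o in local[name]):
            result[name] = "autocommand-exit"
        else:
            # A local account exists and nothing ends its session at login.
            result[name] = "missing-autocommand-exit"
    return result


if __name__ == "__main__":
    for user, status in audit_test_users(SAMPLE_CONFIG).items():
        print(f"{user}: {status}")
```
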


[c-nsp] radius-server test argument

2012-06-17 Thread Mike

Hello,


	I would like to use the 'test' feature of radius-server in order that 
the router can detect dead servers faster. I've got the following line:


radius-server host x.x.x.13 auth-port 1812 acct-port 1813 timeout 5 test username servercheck idle-time 1 key XX



	The 'servercheck' name has to be in the router's local user database, 
but by doing so, this user can then be used to log into the router. I'd 
rather not allow this if possible and would like to know if anyone can 
tell me how I might set this user name up to not be useful for anything 
else other than this test argument?


Mike-