Wired Intelligent Edge (Campus Switching and Routing)


Using RADIUS for multiple purposes?

Hi, this may be a daft question but I'm looking for confirmation and maybe some example config snippets.

Can I use RADIUS both for login to the CLI/WebGUI (management) and also at the same time use another RADIUS server for 1x port-authentication? All in one switch config.

I would believe it boils down to the commands aaa authentication login and aaa authentication port-access, but how can I associate the respective functions to separate RADIUS servers?

The way someone configured it a long time ago in my environment is to use TACACS for one and RADIUS for the other but I'm thinking there is a way to accomplish this using only RADIUS.


Accepted Solutions

Re: Using RADIUS for multiple purposes?

Hi Borgsquirrel,

Sure, this is possible. You would create different RADIUS servers within your config like this:

radius-server host 10.104.104.41 key "aruba123"

Do this for all your RADIUS servers.

Afterward, you should group them together, at least those with the same function, like this:

aaa server-group radius "CPPM" host 10.104.104.41

You can now use them in your config for all kinds of configurations like dot1x:

aaa authentication port-access eap-radius server-group CPPM

and for CLI access like this:

aaa authentication ssh login radius server-group CPPM1

Doing so, you can configure a different RADIUS server group for each access method the switch offers.

Hope this helps.

BR

Florian


visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
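
Added example, not part of the original post and not an Aruba tool: a small Python check that reads a switch config written in the command forms shown in the answer, reports which RADIUS servers each access method resolves to, and flags any server group that is referenced but never defined. The sample config, its keys, the second address and the group names DOT1X and MGMT are constructed for illustration.

```python
import re

# Constructed sample config using only the command forms shown in the answer.
# Keys, the .42 address and the group names DOT1X/MGMT are made up.
SAMPLE_CONFIG = '''
radius-server host 10.104.104.41 key "example-key-1"
radius-server host 10.104.104.42 key "example-key-2"
aaa server-group radius "DOT1X" host 10.104.104.41
aaa server-group radius "MGMT" host 10.104.104.42
aaa authentication port-access eap-radius server-group DOT1X
aaa authentication ssh login radius server-group MGMT
'''

HOST_RE = re.compile(r'^radius-server host (\S+)')
GROUP_RE = re.compile(r'^aaa server-group radius "?([^"\s]+)"? host (\S+)')
USE_RE = re.compile(
    r'^aaa authentication (.+?) \S*radius server-group "?([^"\s]+)"?')


def audit(config):
    """Return (mapping, problems).

    mapping:  access method -> list of RADIUS server addresses it will use
    problems: human-readable findings for dangling references
    """
    hosts, groups, uses, problems = set(), {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := HOST_RE.match(line):
            hosts.add(m.group(1))
        elif m := GROUP_RE.match(line):
            groups.setdefault(m.group(1), []).append(m.group(2))
        elif m := USE_RE.match(line):
            uses[m.group(1)] = m.group(2)
    # An authentication line pointing at a group that was never created.
    for method, group in uses.items():
        if group not in groups:
            problems.append(f"{method}: server group {group} is not defined")
    # A group member with no matching radius-server host line (no shared key).
    for group, members in groups.items():
        for ip in members:
            if ip not in hosts:
                problems.append(
                    f"group {group}: host {ip} has no radius-server host line")
    mapping = {m: groups.get(g, []) for m, g in uses.items()}
    return mapping, problems


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
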



All Replies

Re: Using RADIUS for multiple purposes?

Thanks Florian! That was kind of how I thought it would be, very good! Have a nice weekend!
