Users Guide

290 Authentication, Authorization, and Accounting
4 Configure the second RADIUS server for host authentication/network
access. It is located at 10.130.191.90 and uses a shared secret. This server
will be a secondary RADIUS server:
console(config)#radius server auth 10.130.191.90
console(config-auth-radius)#name Default-RADIUS-Server
console(config-auth-radius)#key "shared secret"
console(config-auth-radius)#exit
5 Configure the third RADIUS server for host authentication/network access.
It is located at 10.130.191.91 and uses a shared secret. This server will also
be a secondary RADIUS server. It will be load balanced in lexical order,
meaning the secondary server configured above will be used once the number
of outstanding requests exceeds the batch size for the primary server. Only
when the number of outstanding requests exceeds the batch size for both
the primary and secondary server above will the third RADIUS server be
utilized:
console(config)#radius server auth 10.130.191.91
console(config-auth-radius)#name Default-RADIUS-Server
console(config-auth-radius)#key "shared secret"
console(config-auth-radius)#exit
6 Configure the load sharing parameters. Decrease the batch size to send up
to 3 requests at once to the primary RADIUS server before load sharing to
the secondary servers:
console(config)#radius server load-balance name Default-RADIUS-Server method least-outstanding batch-size 3
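
The following Python sketch is an added illustration, not code from the guide or the switch firmware. It models the selection order described in steps 5 and 6 so you can see which server a burst of requests reaches. Assumptions: "primary" is a placeholder label for the primary server configured earlier, secondaries are ordered by plain string comparison, and the fallback when every server holds a full batch is hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class RadiusPool:
    primary: str
    secondaries: list
    batch_size: int = 3
    outstanding: dict = field(default_factory=dict)

    def __post_init__(self):
        # Primary first, then secondaries in lexical (string) order, per the text.
        self.order = [self.primary] + sorted(self.secondaries)
        self.outstanding = {s: 0 for s in self.order}

    def send(self):
        """Pick a server for a new request and count it as outstanding."""
        for server in self.order:
            # A server is used until it holds batch_size outstanding requests.
            if self.outstanding[server] < self.batch_size:
                break
        else:
            # Assumption (not stated in the guide): when every server holds a
            # full batch, use the one with the fewest outstanding requests.
            server = min(self.order, key=lambda s: self.outstanding[s])
        self.outstanding[server] += 1
        return server

    def reply(self, server):
        """A response (or timeout) frees one outstanding slot on that server."""
        if self.outstanding[server] > 0:
            self.outstanding[server] -= 1


def simulate_burst(n, batch_size=3):
    """Send n requests with no replies in between; return the chosen servers."""
    # Secondary addresses are the ones configured in steps 4 and 5.
    pool = RadiusPool("primary", ["10.130.191.91", "10.130.191.90"], batch_size)
    return [pool.send() for _ in range(n)]


if __name__ == "__main__":
    for i, server in enumerate(simulate_burst(8), 1):
        print(f"request {i} -> {server}")
```

With batch size 3, the third server only sees traffic from the seventh simultaneous outstanding request onward, which is useful when sizing the secondary servers.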
TACACS+ Authentication Example
Use the following configuration to require TACACS+ authentication when
logging in over a Telnet connection:
1 Create a login authentication list called “tacplus” that contains the
method tacacs. If this method returns an error, the user will fail to log in:
console#config
console(config)#aaa authentication login "tacplus" tacacs
2 Create an enable authentication list called “tacp” that contains the
method tacacs. If this method fails, then the user will fail to execute the
enable command:
console(config)#aaa authentication enable "tacp" tacacs