RADIUS question 1

[penghon]

The default/basic configuration of RADIUS/aaa auth goes something like this:

aaa authentication login default group radius local
aaa authentication login localauth local

What does the 2nd line do?

 

[PouyaNasir]

Defines a method of authentication against local user database and names it localauth.

 

[penghon]

i see...so this would mean that this line is redundant given that the first line stated that should the RADIUS server be uncontactable, the cisco device will authenticate user with the local database.

Am i correct?

 

[PouyaNasir]

No it is not redundant. This way you would have two methods of authentication with different names.

If you don't specify the name or use default when defining authentication for something like ppp or line vty or ... it will use the first line, uses the radius server to autheticate and if it failes uses the local database. On the other hand if you specify localauth as the name of authentication method somewhere, it will only use the local database.

 

[penghon]

oh i get it!
Man, thanks for the tip!

 

[BuckWeet]

easier terms would be the 'localauth' is your authentication profile, and you have to apply that profile to the *ty sessions, if you don't apply one, default is used..


BuckWeet