• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

cisco IOS's limited RADIUS server abilities

X

xyyz

Diamond Member
i was reading the later versions of IOS made the routers into small RADIUS servers. i've been scouring the net for examples, but so far i haven't found anything.

can anyone shed any light on this?
 
Originally posted by: cpals
Not sure about the routers, but the AP's we have feature a local radius server feature.
Click to expand...

really? cool.


So wher do they get authentication confirmation from? They don't store any data locally do they?
 
The routers can be set up as radius servers as well as the APs. I have my 350 AP set up for Radius doing EAP-FAST right now.
 
So wher do they get authentication confirmation from? They don't store any data locally do they?
Click to expand...

Yes, they do. I had the opportunity to work with some 350s many moons ago and they were very easy to turn into radius servers with locally-stored profiles.

 
I'm pretty sure that you can't.

The APs running IOS (for Cisco APs) have a small (50 entry) RADIUS server built into the code.

Standard Router or Switch IOS doesn't have this code.

The APs can do LEAP & EAP-FAST or regular username/password (maybe MD5 too) ... the AP won't take an authentication cert, so PEAP & EAP-TLS are not available (from the AP's RADIUS).

FWIW

Scott
 
Originally posted by: ScottMac
I'm pretty sure that you can't.

The APs running IOS (for Cisco APs) have a small (50 entry) RADIUS server built into the code.

Standard Router or Switch IOS doesn't have this code.

The APs can do LEAP & EAP-FAST or regular username/password (maybe MD5 too) ... the AP won't take an authentication cert, so PEAP & EAP-TLS are not available (from the AP's RADIUS).

FWIW

Scott
Click to expand...

🙁
 
Some Cisco routers can be configured as a Radius server just like the APs. Just look and see if you have the "radius-server local" command to see if you can turn on the server. If it is not there you might need to up the IOS version.
 
Originally posted by: nightowl
Some Cisco routers can be configured as a Radius server just like the APs. Just look and see if you have the "radius-server local" command to see if you can turn on the server. If it is not there you might need to up the IOS version.
Click to expand...

thanks🙂
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top