
Monday, April 15, 2013

How To Manage Access To Cisco Devices Based On Active Directory Authentication


In the name of God, praise be to God, and peace and blessings be upon the Messenger of God, his family, his companions and his brethren.


If you have many levels of administrators in your network and want to give them different privileges, managing this with the local database on each Cisco device is not optimal. Instead, you can grant access based on authentication against the Active Directory database: the user logs in to the device with his or her normal user name and password and is then granted the privilege level you assigned to his or her group. Note that this lab was done using GNS3 and Windows Server 2008 R2.


The commands used on the Cisco router (the Windows server at 192.168.1.50 acts as the RADIUS server; lines starting with ! are comments):

aaa new-model
!
! RADIUS server group for the Windows server
aaa group server radius IAS
 server 192.168.1.50 auth-port 1812 acct-port 1813
!
! Method lists: the local database is tried first, then the IAS group.
! Exec authorization decides the privilege level; if-authenticated lets an
! already authenticated user in when the RADIUS methods cannot answer.
aaa authentication login userAuthentication local group IAS
aaa authorization exec userAuthorization local group IAS if-authenticated
aaa authorization network userAuthorization local group IAS
aaa accounting exec default start-stop group IAS
aaa accounting system default start-stop group IAS
!
aaa session-id common
! Both the legacy (1645/1646) and standard (1812/1813) port pairs are defined,
! with the shared key "cisco" (a lab value; use a strong key in production)
radius-server host 192.168.1.50 auth-port 1645 acct-port 1646 key cisco
radius-server host 192.168.1.50 auth-port 1812 acct-port 1813 key cisco
!
! Make these two show commands available to users at privilege level 1
privilege exec level 1 show config
privilege exec level 1 show ip interface brief
!
! RADIUS packets are sourced from fa0/0, so this is the client address the server must know
ip radius source-interface fa0/0
!
! Apply the method lists to all VTY lines
line vty 0 4
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input ssh telnet
!
line vty 5 15
 authorization exec userAuthorization
 login authentication userAuthentication
 transport input ssh telnet
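The router honours whatever privilege level the RADIUS server returns, and the only thing binding that reply to the shared key "cisco" is the Response Authenticator. The block below is an added example, not code from the original post or from Cisco: it builds the Access-Accept carrying the Cisco-AVPair `shell:priv-lvl=N` that the server is assumed to return for each Active Directory group (the post does not show the server side), and performs the check the router makes before trusting it. The secret, packet identifier and request authenticator are constructed lab values.

```python
import hashlib
import hmac
import struct

# Constructed lab values (assumptions, not from the post): the secret matches
# the "key cisco" on the router's radius-server host lines.
SECRET = b"cisco"
ACCESS_ACCEPT = 2
ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 s5.26
CISCO_VENDOR_ID = 9         # IANA enterprise number for Cisco
CISCO_AVPAIR = 1            # vendor type of Cisco-AVPair

def cisco_avpair(text):
    """Wrap one Cisco-AVPair string in a Vendor-Specific attribute."""
    vsa = struct.pack("!BB", CISCO_AVPAIR, len(text) + 2) + text.encode()
    value = struct.pack("!I", CISCO_VENDOR_ID) + vsa
    return struct.pack("!BB", ATTR_VENDOR_SPECIFIC, len(value) + 2) + value

def access_accept(ident, request_auth, priv_lvl, secret=SECRET):
    """Server side: Access-Accept granting IOS privilege level priv_lvl."""
    attrs = cisco_avpair(f"shell:priv-lvl={priv_lvl}")
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs

def priv_level_from_reply(reply, request_auth, secret=SECRET):
    """NAS side: verify the Response Authenticator, then read shell:priv-lvl."""
    code, _ident, length = struct.unpack("!BBH", reply[:4])
    response_auth, attrs = reply[4:20], reply[20:length]
    expected = hashlib.md5(reply[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(response_auth, expected):
        raise ValueError("Response Authenticator mismatch: wrong key or forged reply")
    if code != ACCESS_ACCEPT:
        return None                      # Access-Reject or other: no shell access
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2:
            raise ValueError("malformed attribute")
        value = attrs[pos + 2:pos + alen]
        if atype == ATTR_VENDOR_SPECIFIC and struct.unpack("!I", value[:4])[0] == CISCO_VENDOR_ID:
            vtype, vlen = value[4], value[5]
            text = value[6:4 + vlen].decode()
            if vtype == CISCO_AVPAIR and text.startswith("shell:priv-lvl="):
                return int(text.split("=", 1)[1])
        pos += alen
    return 1                             # no priv-lvl returned: user gets the default level 1
```

A reply signed with a different key, or altered in transit, fails the authenticator check and is discarded rather than granting any level.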

May God's peace and blessings be upon the Prophet, his family, his companions and his brethren.