Deploying AAA Radius on working infrastructure

saddayzsaddayz Member Posts: 29 ■□□□□□□□□□
Hello,


Getting ready to deploy radius centralized authentication and authorization model to current DC network which now is based on local auth. I've some thoughts how to enable ir safely and not end into lockout situation. For example on different IOS devices make sure that i've console connection. Configure AAA methods not with default lists, but with explicitly named and enable it first on VTY lines and see If's working correctly. Also, always leave one session open and try to do new session with new tab. If everything is OK, do it on console line. Also IOS XRs've commit confirmed options.
Maybe you've some other practical advices ?


Thanks

Comments

  • ccnpninjaccnpninja Senior Member EuropeMember Posts: 1,010 ■■■□□□□□□□
    Get yourself a couple of sample devices to practice with. Do trial-and-error configurations with the named AAA Method lists. First don't use neither authentication nor authorization on the console.
    AAA can be tricky if you don't understand what the commads do. So take the time to learn that. The CCNA Security level books could help you with that.
    Once you tested your config (don't forget a fallback method to Local) on the lab, do it on a small scale and increase the diameter until full scale.

    I hope you get the idea.
Sign In or Register to comment.