your inbound 'telnet' connections. You will need to create an entry
in your users file similar to the following to allow access:
- !root Password == "somepass"
+ !root Cleartext-Password := "somepass"
Service-Type = NAS-Prompt-User
This will let a user in for the first level of access to your Cisco. You
of access. The username '!root' was used as an example here, you can make
this any username you want, of course.
+1.1 Unique Acct-Session-Id's
+
+From: http://isp-lists.isp-planet.com/isp-australia/0201/msg05143.html
+
+Just a note to all cisco ISPs out there who want RFC2866 compliance need to
+enable the hidden command 'radius-server unique-ident <n>'
+
+Minimum IOS: 12.1(4.1)T.
+
+Acct-Session-Id should be unique and wrap after every 256 reboots.
+
+You must reboot after entering this command to take effect. If not, you
+will observe after 10 minutes
+of entering this command, the following message.
+
+%RADIUS-3-IDENTFAIL: Save of unique accounting ident aborted.
+
+
2. IOS 11.x
For Cisco 11.1, you normally use
radius-server timeout 3
-4. CREDITS
+To enable the Ascend style attributes (which we do NOT recommend!)
+
+ radius-server host X.Y.Z.A auth-port 1645 acct-port 1646 non-standard
+
+To disable the Ascend style attributes (which is a VERY good idea!):
+
+ radius-server host X.Y.Z.A auth-port 1645 acct-port 1646
+
+To see Cisco-AVPair attributes in the Cisco debugging log:
+
+ radius-server vsa accounting
+
+4. Cisco 36xx & 26xx, keeping the NAS IP static
+
+The Cisco 36/26 by default selects (it seems at random) any IP address
+assigned to it (serial, ethernet etc.) as it's RADIUS client source
+address, thus the access request may be dropped by the RADIUS server,
+because it can not verify the client. To make the cisco box always use
+one fixed address, add the following to your configuration:
+
+ ip radius source-interface Loopback0
+
+and configure the loopback interface on your router as follows:
+
+ interface Loopback0
+ ip address 192.168.0.250 255.255.255.255
+
+Use a real world IP address and check the Cisco documentation for why
+it is a good idea to have working loopback interface configured on
+your router.
+
+If you don't want to use the loopback interface of course you can set
+the source-interface to any interface on your Cisco box which has an
+IP address.
+
+
+5. CREDITS
Original - Alan DeKok <aland@ox.org>
12.x Info - Chris Parker <cparker@starnetusa.net> 2000-10-12
-5. MORE INFORMATION
+6. MORE INFORMATION
For more information, the following page on Cisco's web site may help: