Figure 23: FTP Configuration Example
In this example, two FTP lines are required for administrators on the data center
subnet, and two more lines are required for users on the POP subnet. The system
verifies passwords of administrators on the data center subnet through either a
RADIUS server or through simple line authentication if the RADIUS server is
unreachable. However, the system verifies passwords of users on the POP subnet
only through the RADIUS server.
The following example shows all steps for configuring this scenario, from specifying
a RADIUS server to enabling the FTP line:
1. Configure the RADIUS server.
host1(config)#radius authentication server 10.6.131.51
host1(config-radius)#key abc123
host1(config-radius)#udp-port 1645
2. Configure two access lists—one named “ DataCenter,” permitting only the data
center subnet, and one named “ Pops,” permitting only the POP subnet.
host1(config)#access-list DataCenter permit 10.6.128.0 255.255.128.0
host1(config)#access-list DataCenter deny any
host1(config)#access-list Pops permit 199.125.128.0 255.255.128.0
host1(config)#access-list Pops deny any
3. Configure two authentication method lists, named “ RadiusAndLine” and “
RadiusOnly.”
host1(config)#aaa new-model
host1(config)#aaa authentication login RadiusAndLine radius line
host1(config)#aaa authentication login RadiusOnly radius
4. Configure two FTP lines to be used by data center administrators.
host1(config)#line vty 0 1
host1(config-line)#password foobar
host1(config-line)#access-class DataCenter in
host1(config-line)#login authentication RadiusAndLine
5. Configure the remaining FTP lines to be used by POP administrators.
host1(config)#line vty 2 4
host1(config-line)#password foobar
host1(config-line)#access-class Pops in
host1(config-line)#login authentication RadiusOnly
Transferring Files ■ 311
Chapter 5: Managing the System
To Next Page
Loading...