5.1.d AAA with TACACS+ and RADIUS

it’s a little tricky but it works… and it’s free so you can get some stick time…


note that you have to match the specified ports in your router configuration..

when you configure the host cisco will default to the old ports… you have to manually add the newer specified ports to match winradius…

radius-server host auth-port 1645 acct-port 1646
radius-server host auth-port 1812 acct-port 1813

also aaa has to be enabled as well as the group, similar to tacacs:

aaa new-model

aaa authentication login default group radius none

but it will authenticate, see below:


see the ccna security lab manual for more details…

the winradius piece is also part of the ccnp switch net acad lab manual…