Thanks to Dave and Doug for replying to my earlier post. I now have my 2600s authenticating to a RADIUS server. However, I have run into another issue I hope someone can help me with.
On my Juniper SBR RADIUS server, I have set up two Active Directory groups for domain authentication against the RADIUS server. I have a Cisco VPN Client group, and a Cisco Router Admin group.
Practically everyone in the company is in the Cisco VPN Client group. Conversely, only 5 of us are in the Cisco Router Admins group.
When I remove Joe from the Cisco Router Admins group, he is still able to log on to our Cisco routers. I have confirmed that this is because he is still a member of the Cisco VPN Client group.
More alarming, it appears that everyone in the Cisco VPN Client group is authorized to log in to our routers.
Is there a way to configure the RADIUS server so that it knows which resources a group should have access to? I suppose my main concern is that anyone who is a member of any group on the RADIUS server will have access to any of our devices that are authenticating against that server, regardless of type of device, job function, etc.