
When configuring a Cisco [ASA](/asa) device to function in conjunction with a [RADIUS](/aaa-radius-vs-tacacs) server for [AAA](/aaa), there is an optional parameter called `radius-common-pw` that can be configured.  

This parameter is used internally by the ASA for its communication with the RADIUS server for all authorization transactions. The syntax is:

`radius-common-pw` _`string`_

In the context of RADIUS authentication, the authorization server requires both a username and password for each user attempting to connect. While the system automatically provides the username, the administrator must manually input a shared password. This password needs to be configured on the RADIUS server by its administrator to associate with all users authorizing through this particular system.

If a common password isn't specified, the system defaults to using each user's username as their password. However, this practice is not recommended if the RADIUS server is used for authorization elsewhere in the network, as it could pose a security risk.

So this configuration is optional, but the administrator of the RADIUS server must know what has been configured in order to correctly communicate with the ASA. Note also, that this password is used only for internal communication between the ASA and the RADIUS server, **and only for authorization mechanisms**. End users don’t need to know this password. They simply use their own credentials.

## Links

https://forum.networklessons.com/t/aaa-authentication-on-cisco-ios/1558/82?u=lagapidis

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/I-R/asa-command-ref-I-R/q-res-commands.html#wp1922415950

Cisco ASA radius-common-pw command

BGP neighbor-group

BGP paths indicated in the show ip bgp command

BGP peer groups

BGP peer templates

BGP peering redundancy using loopbacks

BGP regular expressions - use of 4-Byte ASNs

BGP regular expressions - use of backslash for confederations

BGP risk of using the as-override feature

BGP route dampening penalty half-life

BGP route refresh capability annoucement

BGP soft reconfiguration on Cisco ASA

BGP soft reconfiguration

BGP sub autonomous system

BGP table status codes

BGP traffic engineering

BGP using next-hop-self with a route reflector

BGP weight attribute default value

BGP when to use next-hop-self

BGP which address is used as the next hop

BGP why do we need an IGP for BGP to work

BGP why route dampening is obsolete

Best practice - concerning undebug all

Best practice - prevent connectivity loss of remote device

Bidirectional Forwarding Detection (BFD)

Broadcast MAC address

Broadcast traffic

CBC-MAC

CBWFQ and shaping

CCNP SCOR exam topics

CDP - best practices

CDP versions messages timers

CEF - Operation within a chassis switch

CEF Load Balancing Algorithm

CISCO ASA IKEv2 hub and spoke

CLI Filtering show commands

CPM - Cisco Performance Monitor

CPM - Collect keyword

CPM - match and collect keywords

Career study advice

Carrier-Grade NAT

Certificate Authority Structure

Certification Cisco exam topics blueprint

Certifications - Continuing Education Credits

Certifications - online remote proctored exams

Cisco ASA Active-Active

Cisco ASA Active-Standby failover preemption

Cisco ASA Active-Standby

Cisco ASA HTTPS server

Cisco ASA show listening ports

Cisco Anyconnect SSL WebVPN

Cisco CCDE practice lab example

Cisco CCDE technology

Cisco CCDE

Cisco Context-Based Access Control (CBAC)

Cisco Discovery Protocol (CDP)

Cisco Feature Navigator

Cisco IOS Auth Manager

Cisco IOS Firewall feature set

Cisco IOS Order of Operation

Cisco IOS XR

Cisco IOS show listening ports

Cisco IOS test aaa command

Cisco IOS

Cisco Identity Services Engine (ISE)

Cisco Network Data Platform (NDP)

Cisco Pagent Router

Cisco QoS HCF shaper and bandwidth inheritance

Cisco Quantum Flow Processor

Cisco SD-Access home lab

Cisco SD-WAN IPSec encapsulation on tunnel interface of vBond

Cisco SD-WAN Troubleshooting

Cisco SD-WAN backup vManage NMS configuration database

Cisco SD-WAN controller troubleshooting

Cisco SD-WAN export configs and files

Cisco SD-WAN export with python

Cisco SD-WAN lab options

Cisco SD-WAN rebranding

Cisco SD-WAN request upload

Cisco SD-WAN save command

Cisco SD-WAN scp command

Cisco SD-WAN vEdge Troubleshooting

Cisco SD-WAN vManage tail log

Cisco SD-WAN verify connectivity in Service VPN

Cisco SD-WAN viptela overlay network bringup

Cisco Switch Port Configuration for IP Phone

Cisco Validated Designs

Cisco's various lines of network switches

Class-Map - match statements

Classification and Marking of softphone applications

Cloud Service Model - Middleware

Cloud Service Model - Runtime

Cloud Service Models

Cloud service models - IaaS

Cloud service models - SaaS

CoPP - Best practices and operation

Configuration Register

Control Plane Policing (CoPP)

Control Plane Protection