Any good hints/links to information on how to start doing authentication with a Microsoft IAS server?
We now use SSH to connect to our devices, but now we need to start using AAA. Our devices are Cisco 3500, 4500 and 6500 series devices. Pictures, configuration examples, anything is needed now.
Here are the IOS commands for setting up AAA:
Router(config)# username [username] password [password]
aaa new-model
radius-server host [ip]
radius-server key [key]
aaa authentication login default group radius local
Guidelines for Placing Radius in the Network,
Hope that helps.
I have set up the router with the commands and I can see from the sniffer that my router sends an Access-Request to the MS IAS server 4 times, but no response comes. My settings are now:
aaa authentication login default group radius none
radius-server host 10.x.x.x auth-port 1645 acct-port 1646
radius-server source-ports 1645-1646
radius-server key mykey
radius-server vsa send authentication
The MS IAS server is set to communicate with MS AD. I have set up the RADIUS client (the Cisco device) and a remote access policy in MS IAS, but no response comes from it when I try to connect via VLAN to my device. I found one piece of advice on how to set up MS IAS, but I am not sure whether it is OK. Any idea where to find advice on what attributes and settings have to be set in the MS IAS server so that I can log in to my device with RADIUS authentication?
That was a very good PDF document. Now I can use RADIUS and MS IAS successfully. There is only one thing I can't understand. I can only use the PAP protocol. If I try to use any other, authentication fails. Usernames will be sent in the clear. Is it really so that Cisco devices do not support any other authentication protocol? Fortunately the password is not in clear text because of the shared secret.
The issue is not with Cisco. Telnet sessions use PAP password authentication. For this reason, IAS authentication works with a PAP password and fails for other password authentication attempts.
PAP password authentication will send the username in clear text and the password encrypted.
For other sessions like PPP, we can specify password authentication methods as CHAP or
Normally we use SSH when connecting to a device. My test device is now configured for telnet.
Is SSH able to use those more secure methods?
Is there any document that explains how that algorithm works (when using that shared security with PAP)? Our security people are not pleased because of the PAP protocol. I could not find how that password is encrypted.
The password is encrypted using an MD5 hash when passed between the router and Radius and they use the shared secret as part of that hash. The RFCs can explain it a lot better than I can.
Hope that helps