10-13-2003 12:40 PM - edited 03-02-2019 10:58 AM
I need some assistance in configuring my 2620 as a radius client and to send authentication requests to an external Microsoft RADIUS server (v1.0).
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ras_2620
!
enable secret xxxx
!
username xxxx password 0 xxx
ip subnet-zero
ip domain-name mycompany.com
!
async-bootp dns-server x.x.x.x 172.16.2.6
!
!
!
interface Loopback0
ip address 192.168.175.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet0/0
ip address x.x.x.x 255.255.255.192
no ip directed-broadcast
!
interface Serial0/0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Group-Async1
ip unnumbered Loopback0
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer idle-timeout 600
dialer-group 1
async mode interactive
peer default ip address pool DIALIN
ppp authentication chap
group-range 33 40
!
ip local pool DIALIN 192.168.175.100 192.168.175.200
ip classless
ip route 0.0.0.0 0.0.0.0 207.43.100.1
no ip http server
!
dialer-list 1 protocol ip permit
!
line con 0
transport input none
line 33 40
autoselect ppp
modem InOut
transport input all
flowcontrol hardware
line aux 0
password x
login
!
end
10-13-2003 10:22 PM
First of all configure:
aaa new-model
Then configure the ip address and key used by your radius server:
radius-server host x.x.x.x
radius-server key YourSecretKey
And configure authentication to use radius, e.g. for ppp:
aaa authentication ppp default group radius
If you want to use local authentication (i.e. the user/pass defined by statements like "username remote1 password 0 hello") as a backup for when your radius is unreachable, then change this to:
aaa authentication ppp default group radius local
If you also want your login authentication (i.e. when logging in on the router via telnet or console) to be done via Radius, add:
aaa authentication login default group radius
Idem, if you want to use the line password ("password hello") as a backup means of auth, then change this to:
aaa authentication login default group radius line
Similarly you can use radius to authenticate "enable" by adding
aaa authentication enable default group radius [enable]
hth
Herbert
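A check for the setup described in the answer above, as an added example that is not part of the original post: it reads an IOS configuration and reports a missing `aaa new-model`, missing `radius-server` lines, authentication lists that name RADIUS with none of the fallback methods the answer mentions, and type 0 passwords. The function name `audit_aaa`, the sample configuration and the server address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample: the AAA lines from the answer merged with a few lines
# of the question's config; the server address is a documentation placeholder.
SAMPLE_CONFIG = """\
no service password-encryption
aaa new-model
aaa authentication ppp default group radius local
aaa authentication login default group radius
username remote1 password 0 hello
radius-server host 192.0.2.10
radius-server key YourSecretKey
line aux 0
 password x
 login
"""

# Fallback methods mentioned in the answer above (hypothetical constant name).
FALLBACKS = {"local", "line", "enable"}


def audit_aaa(config):
    """Return a list of findings about the RADIUS client setup in `config`."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing, AAA method lists are not in effect")
    for prefix in ("radius-server host ", "radius-server key "):
        if not any(l.startswith(prefix) for l in lines):
            findings.append("no '%s' line" % prefix.strip())
    for l in lines:
        # Method list: aaa authentication <service> <list-name> <methods...>
        m = re.match(r"aaa authentication (\S+) (\S+) (.+)", l)
        if m:
            service, name, methods = m.group(1), m.group(2), m.group(3).split()
            if "radius" in methods and not FALLBACKS & set(methods):
                findings.append("%s list '%s' has no fallback after RADIUS" % (service, name))
        # "password 0" marks a password stored unencrypted in the config.
        m = re.match(r"username (\S+) password 0 ", l)
        if m:
            findings.append("user '%s' has a type 0 (cleartext) password" % m.group(1))
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print("-", finding)
```

A login list without a fallback means console and telnet logins depend entirely on the RADIUS server being reachable.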
10-14-2003 06:53 AM
Hi Herbert,
I found the "aaa new-model" command shortly after posting this question, so I was able to configure the radius information. Thank you very much for replying.