Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configure 2620 router to use external RADIUS server

I need some assistance in configuring my 2620 as a radius client and to send authentication requests to an external Microsoft RADIUS server (v1.0).

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname ras_2620

!

enable secret xxxx

!

username xxxx password 0 xxx

ip subnet-zero

ip domain-name mycompany.com

!

async-bootp dns-server x.x.x.x 172.16.2.6

!

!

!

interface Loopback0

ip address 192.168.175.1 255.255.255.0

no ip directed-broadcast

!

interface FastEthernet0/0

ip address x.x.x.x 255.255.255.192

no ip directed-broadcast

!

interface Serial0/0

no ip address

no ip directed-broadcast

shutdown

!

interface Serial0/1

no ip address

no ip directed-broadcast

shutdown

!

interface Group-Async1

ip unnumbered Loopback0

no ip directed-broadcast

encapsulation ppp

dialer in-band

dialer idle-timeout 600

dialer-group 1

async mode interactive

peer default ip address pool DIALIN

ppp authentication chap

group-range 33 40

!

ip local pool DIALIN 192.168.175.100 192.168.175.200

ip classless

ip route 0.0.0.0 0.0.0.0 207.43.100.1

no ip http server

!

dialer-list 1 protocol ip permit

!

line con 0

transport input none

line 33 40

autoselect ppp

modem InOut

transport input all

flowcontrol hardware

line aux 0

password x

login

!

end

  • Other Network Infrastructure Subjects
2 REPLIES
Bronze

Re: Configure 2620 router to use external RADIUS server

First of all configure:

aaa new-model

Then configure the ip address and key used by your radius server:

radius-server host x.x.x.x

radius-server key YourSecretKey

And configure authentication to use radius, e.g. for ppp:

aaa authentication ppp default group radius

If you want to use local authentication (i.e. the user/pass defined by statements like "username remote1 password 0 hello") as a backup for when your radius is unreachable, then change this to:

aaa authentication ppp default group radius local

If you also want your login authentication (i.e. when logging in on the router via telnet or console)to be done via Radius, add:

aaa authentication login default group radius

Idem, if you want to use the line password ("password hello") as a backup means of auth, then change this to

aaa authentication login default group radius line

Similarly you can use radius to authenticate "enable" by adding

aaa authentication enable default group radius [enable]

hth

Herbert

New Member

Re: Configure 2620 router to use external RADIUS server

hi herbert,

i found the "aaa new-model" command shortly after posting this question, so i was able to configure the radius information. thank you very much for replying.

369
Views
0
Helpful
2
Replies