Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

IAS 2003 and IOS authentication using Radius protocol for Administrative access

This document will give you the bare minimum to provide RADIUS authentication to your Cisco Devices using Microsoft Internet Authentication Service (IAS) RADIUS server. Using RADIUS on your Microsoft server to authenticate Cisco devices allows you to use the same usernames and passwords on your Windows servers and Cisco devices.


1) Install IAS

2) Configure IAS

3) Configure Cisco Device

4) Test

1) Install IAS

Click "Start > Control Panel > Add & Remove Programs"
Click "Add/Remove Windows Components"
Double-Click "Networking Services"
Select "Internet Authentication Service"
Click "Ok"

2) Configure IAS

Click "Start>Programs>Administrative Tools>Internet Authentication Service"

*** Create Remote access Policy *** (left Pane)

Select "Remote Access Policies"
(right pane) Delete all policies
(right pane) Right-Click and Select "New Remote Access Policy"
Click "Next" Select "Set up a custom policy" and give it a name
Click "Next"
Click "Add"
Select "Windows Groups"
Click "Add" Type "Domain Admins" (or any other group you would like to use)
Click "Ok"
Click "Next"
Select "Grant remote access permission"
Click "Next"
Click "Edit Profile"
Select the "Authentication" tab
Select "Unencrypted Authentication" only
Select the "Advanced" tab
Change the service-type from "framed" to "login"
Delete "Framed-Protocol" Click "Add"
Select "Vendor Specific" Click "Add"
Select "Cisco" from the drop-down box
Select "Yes. It conforms" Click "Configure Attribute"
Change Attribute Number to "1"
Set the Attribute Format to "String"
Type "shell:priv-lvl=15" in the Attribute Value field
Click "Ok"
Click "Ok"
Click "Close"

If you get an error, select yes or no …. it doesn’t matter.

Click "Next"
Click "Finish"

*** Add Radius Clients ***

(Left Pane) Click "RADIUS Clients"
(Right Pane) Right-Click and click "New Radius Client"
Give the client a friendly name and enter the ip address
Click "Next"
Enter a shared secret password
Click "Finish"

3) Configure Cisco Device

*** IOS Configuration ***
aaa new-model

radius-server host key P@ssw0rd

ip radius source-interface f0/0

aaa authentication login default group radius

aaa authorization exec default group radius

local line vty 0 4
   login authentication default

  authorization exec default



Version history
Revision #:
1 of 1
Last update:
‎06-03-2013 01:16 PM
Updated by:
Labels (1)
New Member

Hi Minskshi,

Please could you provide us step by step configuration for better understanding.


Anuj Kumar.