I will now explain how you can set up FreeRadius to do the simple PAP authentication required for AAA Login Authentication on Cisco routers/switches. You can build on this knowledge to set up more advanced features like EAP/MD5.
FreeRadius is an open-source RADIUS server capable of using a local LDAP directory or integrating with Active Directory. FreeRadius listens on standards-based ports like TCP 1812 for Authentication/Authorization and TCP 1813 for Accounting.
So as not to bore you with too many details, let's install FreeRadius:
apt-get install freeradius
The procedures required are similar to Windows. We first have to add a RADIUS client. To do this, edit /etc/freeradius/clients.conf and add the following:
client C2600 {
    ipaddr = 1.1.1.1
    secret = cisco
}
Next, we add the users. To do this, edit the /etc/users file and add:
Kelvin Cleartext-Password := "kelvin"
Now restart or reload the freeradius server, and it's time to set up the router.
First of all, enable the new AAA model:
aaa new-model
Now, create some local users:
username cisco password cisco
Now, set up AAA Login Authentication to use the Default Radius Group, then fall back to Local database if Radius is not available:
aaa authentication login default group radius local
Add the server and the key:
radius-server host 1.1.1.2 auth-port 1812 acct-port 1813 key 0 cisco
Finally, set up Telnet to use the Radius group:
line vty 0 4
 login authentication default
Now login authentication for Cisco should be working fine!