Here, this should be what you are looking for.
Router Configuration for AAA
Connect to the router, go to exec mode, then global config mode:
If you are using an enable secret, set it up if it’s not already done.
[SET USERS & PASSWORDS]
Router(config)# enable secret 123
Router(config)# username Sysadmin privilege 15 password yyy
Router(config)# service password-encryption (if not already performed)
Router(config)# aaa new-model
[SET BANNERS]
Router(config)# aaa authentication banner @
*** Unauthorized Access Prohibited!! ***
---------------------WARNING--------------------
You have reached a private network. All access is
monitored and logged. Any unauthorized access will
be prosecuted under all local, state and federal
laws.
---------------------WARNING--------------------
*** Unauthorized Access Prohibited!! *** @
Router(config)# aaa authentication fail-message @
*** Login Attempt Failed *** @
[SET AAA SERVICES]
Router(config)# aaa authentication login default radius local-case enable
Router(config)# aaa authorization exec default radius if-authenticated local
Router(config)# aaa accounting update periodic 5
Router(config)# aaa accounting ?
  commands    For exec (shell) commands.
  connection  For outbound connections. (telnet, rlogin)
  exec        For starting an exec (shell).
  nested      When starting PPP from EXEC, generate NETWORK records before EXEC-STOP record.
  network     For network services. (PPP, SLIP, ARAP)
  send        Send records to accounting server.
  suppress    Do not generate accounting records for a specific type of user.
  system      For System events.
  update      Enable accounting update records.
(whatever you want logged into the accounting)
[SET SERVER ADDRESS]
Router(config)# radius-server host {ip address of server}
Router(config)# radius-server challenge-noecho
[SET LOGIN ON LINES]
Router(config)# line 0 6
Router(config-line)# login authent default
Router(config-line)# exit
Router(config)# line vty 0 4
Router(config-line)# login authent default
Router(config-line)# exit
Router(config)# line con 0
Router(config-line)# login authent default
Router(config-line)# exit
Router(config)# line aux 0
Router(config-line)# login authent default
Router(config-line)# exit
[SYSLOG]
Router(config)# logging {ip address of syslog server; if we don’t have one, I know some good free ones}
Router(config)# logging monitor {what you want monitored, e.g. critical}
Router(config)# logging on
Router(config)# ctrl+shift+6+z = ^z
[SAVE CONFIG]
Router# write mem or wr mem
Router# ping servers if you desire to test connectivity
What it should look like in the running-config:
Router# show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
logging monitor critical (I only set critical; could have others)
aaa new-model
aaa authentication banner ^C **Un-Authorized Access is Prohibited and Prosecuteble by Law!!** ^C
aaa authentication fail-message ^C Loggin Attempt Has Failed ^C
aaa authentication login default radius local-case enable
aaa authorization exec default radius if-authenticated local
aaa accounting update periodic 5
aaa accounting exec default start-stop radius
aaa accounting commands 15 default start-stop radius
aaa accounting system default start-stop radius
enable secret 5 $1$U5Y5$Ni4MZ9PcO7OtWsPgtLAAM.
!
username SysAdmin privilege 15 password 7 09555710
ip subnet-zero
!
!
!
interface Ethernet0
 ip address 10.3.1.1 255.255.0.0
 no ip directed-broadcast
!
interface Serial0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
router ospf 11
 network 10.3.0.0 0.0.0.0 area 0
!
ip classless
!
radius-server host 10.3.1.3 auth-port 1645 acct-port 1646
radius-server challenge-noecho
!
line con 0
 transport input none
line aux 0
line vty 0 4
!
end
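
An added example, not part of the original post: a small Python audit that checks a saved `show run` for the AAA statements configured above and flags local users whose password is stored in reversible form. The `audit` function, the finding wording and the trimmed sample config (with a placeholder for the enable-secret hash) are constructed for illustration.

```python
import re
# Constructed sample, trimmed from this page's running-config (hash replaced).
SAMPLE = """\
aaa new-model
aaa authentication login default radius local-case enable
aaa authorization exec default radius if-authenticated local
aaa accounting exec default start-stop radius
aaa accounting commands 15 default start-stop radius
enable secret 5 $1$PLACEHOLDER
username SysAdmin privilege 15 password 7 09555710
radius-server host 10.3.1.3 auth-port 1645 acct-port 1646
line vty 0 4
"""

def audit(config):
    """Return a list of findings for an IOS 12.x style running-config."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    findings = []
    has = lambda prefix: any(l.startswith(prefix) for l in lines)
    if not has("aaa new-model"):
        findings.append("aaa new-model is missing")
    # Login method lists: {list name: [methods in the order they are tried]}
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    default = lists.get("default", [])
    if default[:1] != ["radius"]:
        findings.append("login default list does not try radius first")
    if not {"local", "local-case"} & set(default[1:]):
        findings.append("login default list has no local fallback")
    if "radius" in default and not has("radius-server host "):
        findings.append("radius is used but no radius-server host is set")
    for prefix in ("aaa authorization exec default",
                   "aaa accounting exec default",
                   "aaa accounting commands 15 default"):
        if not has(prefix):
            findings.append("missing: " + prefix)
    for l in lines:
        # 'password' is kept as type 0 (cleartext) or type 7 (reversible).
        m = re.match(r"username (\S+) (?:.* )?password ", l)
        if m:
            findings.append(f"user {m.group(1)}: password stored in reversible form")
        # Lines without an explicit entry use the default list.
        m = re.match(r"login authentication (\S+)", l)
        if m and m.group(1) not in lists:
            findings.append(f"line uses undefined method list {m.group(1)}")
    return findings
```

Run `audit()` on the text of a saved `show run`; an empty list means every check passed.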