IOS and IAS 1

[boymarty24]

Hi guys!

I wonder if there is a way to use ms IAS with cisco 1800/2800 series. I have done it several times with asa and pix but havent found any information with cisco IOS.

Anyone knows?

 

[chipk]

Assuming you're referring to MS RADIUS, I use IAS with IOS every day. What's your question?

 

[boymarty24]

Yeah i mean the radius server in IAS. I am looking for some config examples =)

I was looking for some documents on cisco homepage but couldnt find any. Do you have some links? easy to find for pix/asa but not the ios.

 

[chipk]

See if any of the links here help you out.

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/

Here's a sample config for you that should work.

aaa new-model
aaa authentication password-prompt Password:
aaa authentication username-prompt Username:
aaa authentication login default group radius local
aaa authentication ppp default group radius local
aaa authorization network users group radius
aaa accounting network default start-stop group radius
!
username exec privilege 15 password **********
!
!
.....
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646 non-standard timeout 10 key *sharedkey*
!

The radius-server host is of course your Windows IAS server with a "client" config'd for this router. The Sharedkey is the key that you put on your IAS server and the router itself.

When searching on Cisco, you'll want to search for "aaa" not RADIUS. You'll get better results that way. AAA of course = Authentication, Authorization, Accounting.

Be sure to set this up in a lab and make sure you test authenticating before writing memory, I learned the hard way that if you don't do AAA correctly you can lock yourself out of a device pretty quickly.

 

[helpdeskdan]

Interesting - I was told it couldn't be done. Thanks for the info.

 

[chipk]

It may be that there's a particular ios level or something necessary, but I use this all over my network.

 

[boymarty24]

Thx alot m8!