Solved

Cisco Router 2501 and Radius Server

Posted on 2004-07-30
7
1,458 Views
Last Modified: 2012-05-05
Hi!
How can I configure cisco router 2501 aaa with Radius Server?
And if I use for dial-up (I have 8 async with 2501), how can I configure ppp with this Radius Server?
0
Comment
Question by:itman04
  • 3
  • 2
7 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11676101
You need to enable AAA globally on the router:

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#aaa new-model

Then you need to define your radius server and shared key:

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#radius-server host 192.168.0.10 <---your radius server IP address
router(config)#radius-server key cisco <---use your key, needs to be same as configured on radius server

You then need to setup AAA for PPP authentication, using the default keyword, all PPP sessions will use AAA.

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#aaa authentication ppp default group radius

You can use the keyword "none" after group radius to allow access if the radius server is down/unavailable.  If you don't specify an alternative authentication method and the radius server is down, the PPP users will not be allowed access.  Depends on your security policy on how to handle backup authentication.  You can also have more than one Radius server on your network for higher availability.
0
 

Author Comment

by:itman04
ID: 11683156
Thanks, and In command:aaa authentication ppp default group radius
I can understand default radius but  i don't know why use default group? What does this mean?
And if I use: aaa authentication login default radius enable. What does this mean?
And If I use radius with router 3600. Can I use these commands?
 
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 250 total points
ID: 11692646
You can use either the "group radius" or the radius command.  The group radius would be used to specify a radius group created with the "aaa server group radius <name>" command.  Without naming a group, all radius servers using the "radius-server host" are used.  You can use either method.

If you use "aaa authentication login default radius enable" it means for example, when logging into the console or using telnet, the radius server will be contacted to authenticate the login to the router.  If the radius server is down (the router gets no response), the enable password configured on the router will be used to authenticate the login.  You can also use "none" at the end of the list in case the enable password is removed and the radius server is down.  If "none" is not specified in this situation, you would be locked out of the router.  It's up to you and how secure you want it.  The "default" keyword applies this to all lines that do not specify an authentication method.

Yes, should be the same with a 3600 router.
0
 

Author Comment

by:itman04
ID: 11733336
Wow, Thanks a lot. really clearly for me. Thanks.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11862245
Do you need further assistance? Can you close out this question now?
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now