Solved

Cisco Router 2501 and Radius Server

Posted on 2004-07-30
7
1,455 Views
Last Modified: 2012-05-05
Hi!
How can I configure cisco router 2501 aaa with Radius Server?
And if I use for dial-up (I have 8 async with 2501), how can I configure ppp with this Radius Server?
0
Comment
Question by:itman04
  • 3
  • 2
7 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11676101
You need to enable AAA globally on the router:

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#aaa new-model

Then you need to define your radius server and shared key:

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#radius-server host 192.168.0.10 <---your radius server IP address
router(config)#radius-server key cisco <---use your key, needs to be same as configured on radius server

You then need to setup AAA for PPP authentication, using the default keyword, all PPP sessions will use AAA.

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#aaa authentication ppp default group radius

You can use the keyword "none" after group radius to allow access if the radius server is down/unavailable.  If you don't specify an alternative authentication method and the radius server is down, the PPP users will not be allowed access.  Depends on your security policy on how to handle backup authentication.  You can also have more than one Radius server on your network for higher availability.
0
 

Author Comment

by:itman04
ID: 11683156
Thanks, and In command:aaa authentication ppp default group radius
I can understand default radius but  i don't know why use default group? What does this mean?
And if I use: aaa authentication login default radius enable. What does this mean?
And If I use radius with router 3600. Can I use these commands?
 
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 250 total points
ID: 11692646
You can use either the "group radius" or the radius command.  The group radius would be used to specify a radius group created with the "aaa server group radius <name>" command.  Without naming a group, all radius servers using the "radius-server host" are used.  You can use either method.

If you use "aaa authentication login default radius enable" it means for example, when logging into the console or using telnet, the radius server will be contacted to authenticate the login to the router.  If the radius server is down (the router gets no response), the enable password configured on the router will be used to authenticate the login.  You can also use "none" at the end of the list in case the enable password is removed and the radius server is down.  If "none" is not specified in this situation, you would be locked out of the router.  It's up to you and how secure you want it.  The "default" keyword applies this to all lines that do not specify an authentication method.

Yes, should be the same with a 3600 router.
0
 

Author Comment

by:itman04
ID: 11733336
Wow, Thanks a lot. really clearly for me. Thanks.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11862245
Do you need further assistance? Can you close out this question now?
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now