Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Router 2501 and Radius Server

Posted on 2004-07-30
7
Medium Priority
?
1,487 Views
Last Modified: 2012-05-05
Hi!
How can I configure cisco router 2501 aaa with Radius Server?
And if I use for dial-up (I have 8 async with 2501), how can I configure ppp with this Radius Server?
0
Comment
Question by:itman04
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11676101
You need to enable AAA globally on the router:

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#aaa new-model

Then you need to define your radius server and shared key:

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#radius-server host 192.168.0.10 <---your radius server IP address
router(config)#radius-server key cisco <---use your key, needs to be same as configured on radius server

You then need to setup AAA for PPP authentication, using the default keyword, all PPP sessions will use AAA.

router>en
Password:
router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#aaa authentication ppp default group radius

You can use the keyword "none" after group radius to allow access if the radius server is down/unavailable.  If you don't specify an alternative authentication method and the radius server is down, the PPP users will not be allowed access.  Depends on your security policy on how to handle backup authentication.  You can also have more than one Radius server on your network for higher availability.
0
 

Author Comment

by:itman04
ID: 11683156
Thanks, and In command:aaa authentication ppp default group radius
I can understand default radius but  i don't know why use default group? What does this mean?
And if I use: aaa authentication login default radius enable. What does this mean?
And If I use radius with router 3600. Can I use these commands?
 
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 1000 total points
ID: 11692646
You can use either the "group radius" or the radius command.  The group radius would be used to specify a radius group created with the "aaa server group radius <name>" command.  Without naming a group, all radius servers using the "radius-server host" are used.  You can use either method.

If you use "aaa authentication login default radius enable" it means for example, when logging into the console or using telnet, the radius server will be contacted to authenticate the login to the router.  If the radius server is down (the router gets no response), the enable password configured on the router will be used to authenticate the login.  You can also use "none" at the end of the list in case the enable password is removed and the radius server is down.  If "none" is not specified in this situation, you would be locked out of the router.  It's up to you and how secure you want it.  The "default" keyword applies this to all lines that do not specify an authentication method.

Yes, should be the same with a 3600 router.
0
 

Author Comment

by:itman04
ID: 11733336
Wow, Thanks a lot. really clearly for me. Thanks.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 11862245
Do you need further assistance? Can you close out this question now?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question