In this RADIUS Configuration Example, we will configure RADIUS Server and a Cisco Router for RADIUS Authentication, for the users connected to the router via Cisco switch.
For out RADIUS Configuration Example, we will use the below topology on Cisco Packet Tracer.
How can we configure RADIUS?
In this RADIUS Configuration Example, we will follow some steps on RADIUS Server, Cisco Router and the PCs. These RADIUS Configuration steps are given below:
- We will do the IP Configurations on both interfaces of the Router and PCs.
- We will configure RADIUS Server IP Configuration.
- RADIUS Settings on RADIUS Server will be configured.
- Username and Password definitions will be set on RADIUS Server.
- We will focus on the AAA Configurations on the router.
- Laslty, we will verify our RADIUS Configuration.
Now, let’s see each configuration step detailly.
IP Configurations for RADIUS Configuration Example
IP Configurations for the router interfaces and the PCS, will be done according to the below IP information:
Router Fa 0/0 : 10.0.0.1/24
Router Fa 1/0 : 20.0.0.1/24
Arwen’s PC : 20.0.0.2/24
Aragorn’ PC : 20.0.0.3/24
On the PCs, IP Address, Subnet Mask and Default Gateway will be set. The configurations will be like below:
On the Router, we will configure both FastEthernet 070 and FastEthernet 1/0 with the above IP addresses. And we will open our interfaces with “no shutdown” command.
Router1 # configue terminal Router1 (config)# interface fastethernet 0/0 Router1 (config-if)# ip address 10.0.0.1 255.255.255.0 Router1 (config-if)# no shutdown Router1 (config-if)# exit Router1 (config)# interface fastethernet 1/0 Router1 (config-if)# ip address 20.0.0.1 255.255.255.0 Router1 (config-if)# no shutdown Router1 (config-if)# exit
RADIUS Server IP Configuration
RADIUS Server IP address will be 10.0.0.2 and subnet mask will be 255.255.255.0. We will configure this IP address and subnet mask under the Config Tab of RADIUS Server.
RADIUS Settings on RADIUS Server
In this step, we will configure RADIUS setting under the Services Tab, AAA field. Here, we will set Client Name. This Client Name can be any name that you can give. But it is good to give a good name because it will show the router that is connected to the RADIUS Server. After that, we will define the IP address of the Client. This IP address is the interface address of the Router towards RADIUS Server.
We will select the Server Type. There will be RADIUS and TACACS+ choices. Here, our server will be RADIUS Serve, so, we will select RADIUS.
Lastly, we will define a Secret Key that will be used between RADIUS Server and the Router.
Username and Password Definitions on RADIUS Server
We will set the Usernames and the passwords for the users in the same page. Here we will use the below settings:
User : Aragorn Password : abcaragorn
User : Arwen Password : abcArwen
RADIUS Configuration on Cisco Router
In this step, firstly, we will configure the router with “aaa new-model” command. With this command, we will say the router that, we will use RADIUS or TACACS.
After that, we will set the RADIUS Server IP address. We will do this with “ radius-server host 10.0.0.2 key abc123” command. The IP address is the IP address of our server and the key is the secret key that we have configured on RADIUS Server.
Then, we will set RADIUS as the default login mode of the router with “aaa authentication login default group radius local” command.
We will configure telnet logins with the default authentication. And save the configuration.
Router1 (config)# aaa new-model Router1 (config)# radius-server host 10.0.0.2 key abc123 Router1 (config)# aaa authentication login default group radius local