Cisco RADIUS Server Configuration on Packet Tracer

In this Cisco Radius Configuration Example, we will configure Radius Server and a Cisco Router for RADIUS Authentication, for the users connected to the router via Cisco switch.

For out Radius Configuration Example, we will use the below Topology on Cisco Packet Tracer.

How can we configure RADIUS?

In this RADIUS Configuration Example, we will follow some steps on RADIUS Server, Cisco Router and the PCs. These  RADIUS Configuration steps are given below:

1. We will do the IP Configurations on both interfaces of the Router and PCs.
2. We will configure RADIUS Server IP Configuration.
3. RADIUS Settings on RADIUS Server will be configured.
4. Username and Password definitions will be set on RADIUS Server.
5. We will focus on the AAA Configurations on the router.
6. Laslty, we will verify our RADIUS Configuration.

Now, let’s see each configuration step detailly.

You can also Download Packet Tracer Labs

IP Configurations for RADIUS Configuration Example

IP Configurations for the router interfaces and the PCS, will be done according to the below IP information:

Router  Fa 0/0 : 10.0.0.1/24

Router  Fa 1/0 : 20.0.0.1/24

Arwen’s PC : 20.0.0.2/24

Aragorn’ PC : 20.0.0.3/24

On the PCs, IP Address, Subnet Mask and Default Gateway will be set. The configurations will be like below:

On the Router, we will configure both FastEthernet 0/0 and FastEthernet 1/0 with the above IP addresses. And we will open our interfaces with “no shutdown” command.

Router1 # configue terminal

Router1 (config)# interface fastethernet 0/0

Router1 (config-if)# ip address 10.0.0.1 255.255.255.0

Router1 (config-if)# no shutdown

Router1 (config-if)# exit

Router1 (config)# interface fastethernet 1/0

Router1 (config-if)# ip address 20.0.0.1 255.255.255.0

Router1 (config-if)# no shutdown

Router1 (config-if)# exit

RADIUS Server IP Configuration

RADIUS Server IP address will be 10.0.0.2 and subnet mask will be 255.255.255.0. We will configure this  IP address and subnet mask under the Config Tab of RADIUS Server.

RADIUS Settings on RADIUS Server

In this step, we will configure RADIUS setting under the Services Tab, AAA field. Here, we will set Client Name. This Client Name can be any name that you can give. But it is good to give a good name because it will show the router that is connected to the RADIUS Server. After that, we will define the IP address of the Client. This IP address is the interface address of the Router towards RADIUS Server.

We will select the Server Type. There will be RADIUS and TACACS+ choices. Here, our server will be RADIUS Serve, so, we will select RADIUS.

Lastly, we will define a Secret Key that will be used between RADIUS Server and the Router.

Username and Password Definitions on RADIUS Server

We will set the User names and the passwords for the users in the same page. Here we will use the below settings:

User : Aragorn                  Password : abcaragorn

User : Arwen                    Password : abcArwen

RADIUS Configuration on Cisco Router

In this step, firstly, we will configure the router with “aaa new-model” command. With this command, we will say the router that, we will use RADIUS or TACACS.

After that, we will set the RADIUS Server IP address. We will do this with “ radius-server host 10.0.0.2 key abc123” command. The IP address is the IP address of our server and the key is the secret key that we have configured on RADIUS Server.

Then, we will set RADIUS as the default login mode of the router  with “aaa authentication login default group radius local” command.

We will configure telnet logins with the default authentication and save the configuration.

Router1 (config)# aaa new-model

Router1 (config)# radius-server host 10.0.0.2 key abc123

Router1 (config)# aaa authentication login default group radius local

Router1 (config)# line vty 0 15

Router1 (config-line)# login authentication default

Router1 (config- line)# exit

Router1 (config)# exit

Router1 # copy running-config startup-config

RADIUS Configuration Verification

To verify our RADIUS Configuration, we will try to login to the router with our users. To do this, firstly, we will use “logout” command on the router. After that, when we try to connect to the router, it will ask username and password.

For Arwen user, we can enter the router with username “Arwen” and the password “abcArwen”.

Secondly, we can start a telnet session from the PCs to the router.

As you can see above, our RADIUS Authentication configuration is OK. We can connect to the router via both of our users. Arwen and Aragorn ;)

Become a Member!