Configure a Cisco Router to Access a AAA RADIUS Server

Captions
In this video I'm going to set up AAA authentication to a RADIUS server from router R1 to my RADIUS server at PC-A. To do this, I'll need to configure the RADIUS commands on the router as well as set up the RADIUS server. Let's get started.

I've launched the WinRadius server. You can see here from the message that zero users were loaded, so I'll need to create some users. WinRadius is running and using authentication port 1812 and accounting port 1813. The secret is WinRadius. I'm going to change the secret, so I'll go to Settings, System, and I'll change the secret from WinRadius to WinRadius secret. You can see that the authorization port is 1812 and the accounting port is 1813.

Also, I'll need to create some users. I'll go to Operation, Add Users, and I'm going to add a few users. My first user will be admin01 and the password will be admin01pass. I'll add another user, RadUser, for RADIUS user, and the password RadPass. So now I have two user accounts that I've added to the WinRadius server. Since I've changed the secret key, I'll need to restart the server. The server has restarted and you can see that I have two users loaded. If you have any problems running the WinRadius server, try running it with administrative permissions or with the preferences set to Windows XP Service Pack 3.

Now that the WinRadius server is running, I'll switch to my console connection to router R1. I'll type enable and conf t to get to global configuration mode. Now, the first thing that I'm going to do: I'm planning on using SSH to remotely connect into my router, but have the WinRadius server handle the authentication. If I'm going to use SSH, I'm going to need a domain name, so I'll type ip domain-name cisco-academy and set the domain name. Next, I'll need some cryptographic keys if we're planning on using SSH, so I'll type crypto key generate rsa general-keys modulus 2048. My security keys have been created and SSH has been enabled.

I'm going to need a fallback in case my RADIUS server fails. To do this, I'm going to create a local user account on the router. I'll type in username admin local, I'll use the algorithm-type command and set it to scrypt, and set the secret to cisco12345, just for example purposes.

Now that that's done, I'll need to enable AAA authentication, so I'll type aaa and then new-model, and that enables AAA authentication. Now I'll set my AAA authentication login methods. The first login method that I'll set will be the default login method, and I'll set the group to radius, so we'll use RADIUS first, but if the RADIUS server is not available or fails, I'll set a secondary default authentication to the local user database. I'm also going to need a AAA authentication login, and I'll name this method list ssh_radius. This method list will rely solely on the RADIUS server.

My two AAA authentication login method lists have been created, and now I need to configure the RADIUS server. I'll type in radius server and give it a name, my rad, and now I'll set the address. The address of the server is address ipv4 192.168.1.3; that's the PC that has the WinRadius server. I'll set the authentication port to 1812 and the accounting port to 1813. By default, the Cisco router uses ports 1645 and 1646 to handle RADIUS authentication and RADIUS accounting. The RFC standard ports are 1812 and 1813, and those are the ports that my WinRadius server is using. I'll also need to set the key, so I'll type in key 0 and set the key to our WinRadius secret, which is WinRadius secret.

Now my RADIUS server configurations are complete. I'll need to set up my line console 0 and my line vty. So, line console 0, login: I'm going to use AAA authentication, the default method list. For line vty 0 to 4, I'm going to use transport input ssh, and my login authentication list is ssh_radius. Before I exit the router and try this out, I also want to set my enable secret. To do this, I'll use the algorithm-type scrypt and set the secret to class12345, for example purposes. I'll save my configuration with a copy run start command, and now I can test out my RADIUS server.

To test it out, I'll exit out of the router and log back in, but I'll use my user account that I created on the WinRadius server. That username was admin01 and the password was admin01pass. You can see that I got into the router just fine. If we look at the RADIUS server, you can see that the authentication happened and was OK: user admin01 authenticate OK.

Now, what if the RADIUS server was to go down? I'll go to Operation, Exit. I'll exit out of my router, and now I'll try to get in. If I use the admin01 account and put in admin01pass, it's going to fail because the WinRadius server is no longer available. Let's try the admin local account that I created as a fail-safe. I'll put in the username admin local and the password cisco12345, and you can see that I logged in. With the RADIUS server unavailable, the router defaulted to the local user database to handle the login. Excellent.

I'll exit out of the router, restart the WinRadius server, and this time I'll try to SSH into the router. I'll open up PuTTY and choose SSH, put in the IP address of the router, and hit Open. You can see I'm prompted to accept the router's security keys. I'll click Yes, and you can see I have a prompt that says "login as". I'll type in RadUser and the password RadPass, and you can see I've logged into the router. I can exit out and log in again as admin01 with the password admin01pass, and as you can see, I've successfully SSH'd into the router using the RADIUS server for the authentication.
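An added example, not part of the video or its captions: a small Python check that reads an IOS config like the one built in the walkthrough and reports which lines use a login method list with no local fallback, which RADIUS servers are not on the RFC ports 1812/1813, and which vty lines are not SSH-only. The embedded config is constructed from the spoken steps; the spellings MyRad, ssh_radius and WinRadiusSecret are assumptions.

```python
import re

# Constructed running-config fragment following the walkthrough's steps.
# MyRad, ssh_radius and the key value are assumed spellings, not from the video.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication login ssh_radius group radius
radius server MyRad
 address ipv4 192.168.1.3 auth-port 1812 acct-port 1813
 key 0 WinRadiusSecret
line con 0
 login authentication default
line vty 0 4
 transport input ssh
 login authentication ssh_radius
"""

def audit(config):
    """Return a sorted list of findings for an IOS AAA/RADIUS config."""
    findings = []
    lists = {}  # method-list name -> list of methods
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        lists[m.group(1)] = m.group(2).split()
    # Top-level blocks: an unindented line plus its indented child lines.
    blocks = re.findall(r"^(\S.*)\n((?: .*\n?)*)", config, re.M)
    for head, body in blocks:
        if head.startswith("radius server "):
            name = head.split()[2]
            addr = re.search(r"address ipv4 \S+(.*)", body)
            opts = addr.group(1) if addr else ""
            if "auth-port 1812" not in opts or "acct-port 1813" not in opts:
                findings.append(f"{name}: not on RFC ports 1812/1813 (IOS defaults to 1645/1646)")
        elif head.startswith("line "):
            used = re.search(r"login authentication (\S+)", body)
            methods = lists.get(used.group(1), []) if used else []
            if used and "local" not in methods:
                findings.append(f"{head}: list '{used.group(1)}' has no local fallback")
            if head.startswith("line vty") and not re.search(r"transport input ssh\s*$", body, re.M):
                findings.append(f"{head}: no SSH-only 'transport input ssh'")
    return sorted(findings)
```

On the constructed config, the only finding is the vty line: its RADIUS-only list means SSH logins depend on the RADIUS server being reachable, while the console still falls back to the local account.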
Info
Channel: techIT
Views: 860
Id: Bes_iugJG8s
Length: 10min 0sec (600 seconds)
Published: Tue Jun 02 2020