For this lab I have used Packet Tracer to show you how to configure RADIUS authentication on a Cisco 2811 router for telnet access.
Networks usually consist of a wide range of devices from different vendors that require some means of authenticating users before they are granted access to resources.
Remote Authentication Dial In User Service (RADIUS) is one means of addressing this issue by providing a centralized infrastructure for authentication and accounting.
There are many ways to configure devices for RADIUS. Here I am going to show you how to configure it on any Cisco router that you may have in your network for remote login authentication.
So first of all, you must know: what is RADIUS?
RADIUS is a widely implemented networking protocol sometimes referred to as a client/server protocol, which provides a centralized mechanism of administering user account information. These can be usernames, passwords and privilege levels for each account.
AAA, which stands for Authentication, Authorization and Accounting, is the core foundation upon which RADIUS is built.
Authentication is the process by which the RADIUS server verifies the user requesting access before it is granted.
Authorization deals more with the level of access granted to a particular account.
Note: Before a device can become a RADIUS client, it must first be configured with the same pre-shared key as is configured on the RADIUS server.
The user's credentials are passed to a RADIUS client, which then forwards them to the RADIUS server. The RADIUS server checks the credentials against its database before a result of access-accept or access-reject is sent back to the RADIUS client.
Router R1 :
- FastEthernet 0/0 : 192.168.1.1/24
- FastEthernet 0/1 : 192.168.2.1/24
RADIUS Server : 192.168.1.2/24
Client (PC0) : 192.168.2.2/24
Step 1: First assign the hostname and IP addresses on router R1.
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#interface FastEthernet0/1
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#no shutdown
Step 2: Configure the RADIUS server (192.168.1.2).
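Step 3: Now tell router R1 that you want to use the RADIUS server for authentication.
Also tell the router the IP address of the RADIUS server, which is 192.168.1.2 as you can see in the diagram above, and the shared secret, which is p@ssword.
AAA has to be enabled with aaa new-model before the authentication method list is accepted. The list below tries RADIUS first and falls back to the router's local user database only if the RADIUS server does not respond.
R1(config)#aaa new-model
R1(config)#radius-server host 192.168.1.2 key p@ssword
R1(config)#aaa authentication login default group radius local
R1(config)#line vty 0 5
R1(config-line)#login authentication default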
Step 4: Test telnet access from PC0.
Trying 192.168.1.1 …Open
User Access Verification