how to configure RADIUS authentication on a Cisco router for telnet access

Posted: 30 Jun 2015 in CCNP
Tags: , , , , ,


This tutorial is all about how to configure RADIUS SERVER so that our  cisco router telnet get its access from RADIUS SERVER Configured.If you configure telnet on router it takes password which was assigned to it during telnet configuration,but after configuring RADIUS SERVER telnet will get it’s authentication from RADIUS SERVER.So after its configuration you will see that you will not be able to remote login to router R1 using telnet password,but you can remotely login to router R1 using telnet if you use the password mentioned in RADIUS SERVER.

To describe this lab i have used Packet Tracer to show you  how to configure RADIUS authentication on a CiscoTM 2811 router for telnet access.

Networks usually consist of a wide range of devices from different vendors that require some means of authenticating users before they are granted access to resources.

Remote Authentication Dial In User Service (RADIUS), is one means of countering this issue by providing a centralized infrastructure for authentication and accounting.

Now there are a lot of technical way to configuring devices for RADIUS and use it.But now here i am going to show you how to apply and configure it into any Cisco routers that you may have in your network for remote login authentication.


So First of all you must know What is RADIUS?

RADIUS is a widely implemented networking protocol sometimes referred to as a client/server protocol, which provides a centralized mechanism of administering user account information. These can be usernames, passwords and privilege levels for each account.

AAA which stands for Authentication, Authorization and Accounting, are the core foundations upon which RADIUS is built.
Authentication is the process by which the RADIUS server verifies the user requesting access before it is granted.

Authorization deals more with the level of access granted to a particular account.

Note:Before a device can become a RADIUS client it first must be configured with the same pre-shared key as is configured on the RADIUS server.


Whenever a user needs to access resources,like routers telnet or ssh services they are required to provide credentials so as to verify that they have the required privileges to get that level of access to the given resource; this may be access to a Router, Switch, Access Point, Firewall or just data on a File Server.

These credentials are passed to a RADIUS client who then forwards it to the RADIUS server. The RADIUS server queries the credentials against its database before a result of access-accept or access-reject is sent back to the RADIUS client.

Router R1 :

  • FastEthernet 0/0 :
  • FastEthernet 0/1 :

RADIUS Server :

Client (PC0) :

radius authentication

Step:1- First assign hostname and ip address on Router R1.


Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1

R1(config)#int fa0/0

R1(config-if)#ip address

R1(config-if)#no shut


%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up


R1(config)#int fa0/1

R1(config-if)#ip address

R1(config-if)#no shut



Step2:Configure RADIUS SERVER(

radius server


Step:3-Now tell the router R1 that you want to use RADIUS SERVER for Authentication.

And also tell the router the ip address of RADIUS SERVER as you can see in above diagram,which is and the shared secret which is p@ssword.


R1(config)#aaa new-model

R1(config)#radius-server host key p@ssword

R1(config)#aaa authentication login default group radius local

R1(config)#line vty 0 5

R1(config-line)#login authentication default



Step:4- Test telnet access from PC0.



Trying …Open

User Access Verification

Username: user1



If you want to Learn how to configure RadiusServer on A Linux Machine,watch this Video.

If you have any doubt feel free to comment or suggest.
  1. Sanjay choudhary says:

    very nice article ||
    i have one doubt?
    explain the code used in below line==>
    aaa authentication login default group radius local

    Liked by 1 person

  2. Very nice, and structured tutorial. Thank you


  3. why its “no password set” when i try to enable the router?

    Liked by 1 person

  4. sreenivasulu says:

    good and simply but i need step by step how to reach packets also depending on layers (l2/l3)

    Liked by 1 person

  5. Carlos Daniel says:

    When you configure RADIUS server you don’t need to configure VTY lines on the router, “DEFAULT” makes it works as i say. And you need to configure a username/password as a backup for local authentication in case that RADIUS server isn’t available, otherwise you won’t have access to the Router until your Server is online again.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.