how to configure RADIUS authentication on a Cisco router for telnet access

Posted: June 30, 2015 in CCNP
Tags: ,

 

This tutorial is all about how to configure RADIUS SERVER so that our  cisco router telnet get its access from RADIUS SERVER Configured.If you configure telnet on router it takes password which was assigned to it during telnet configuration,but after configuring RADIUS SERVER telnet will get it’s authentication from RADIUS SERVER.So after its configuration you will see that you will not be able to remote login to router R1 using telnet password,but you can remotely login to router R1 using telnet if you use the password mentioned in RADIUS SERVER.

To describe this lab i have used Packet Tracer to show you  how to configure RADIUS authentication on a CiscoTM 2811 router for telnet access.

Networks usually consist of a wide range of devices from different vendors that require some means of authenticating users before they are granted access to resources.

Remote Authentication Dial In User Service (RADIUS), is one means of countering this issue by providing a centralized infrastructure for authentication and accounting.

Now there are a lot of technical way to configuring devices for RADIUS and use it.But now here i am going to show you how to apply and configure it into any Cisco routers that you may have in your network for remote login authentication.

 

So First of all you must know What is RADIUS?

RADIUS is a widely implemented networking protocol sometimes referred to as a client/server protocol, which provides a centralized mechanism of administering user account information. These can be usernames, passwords and privilege levels for each account.

AAA which stands for Authentication, Authorization and Accounting, are the core foundations upon which RADIUS is built.
Authentication is the process by which the RADIUS server verifies the user requesting access before it is granted.

Authorization deals more with the level of access granted to a particular account.

Note:Before a device can become a RADIUS client it first must be configured with the same pre-shared key as is configured on the RADIUS server.

 

Whenever a user needs to access resources,like routers telnet or ssh services they are required to provide credentials so as to verify that they have the required privileges to get that level of access to the given resource; this may be access to a Router, Switch, Access Point, Firewall or just data on a File Server.

These credentials are passed to a RADIUS client who then forwards it to the RADIUS server. The RADIUS server queries the credentials against its database before a result of access-accept or access-reject is sent back to the RADIUS client.

Router R1 :

  • FastEthernet 0/0 : 192.168.1.1/24
  • FastEthernet 0/1 : 192.168.2.1/24

RADIUS Server : 192.168.1.2/24

Client (PC0) : 192.168.2.2/24

radius authentication

Step:1- First assign hostname and ip address on Router R1.

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1

R1(config)#int fa0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R1(config-if)#exit

R1(config)#int fa0/1

R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#no shut

 

 

Step2:Configure RADIUS SERVER(192.168.1.2)

radius server

 

Step:3-Now tell the router R1 that you want to use RADIUS SERVER for Authentication.

And also tell the router the ip address of RADIUS SERVER as you can see in above diagram,which is 192.168.1.2 and the shared secret which is p@ssword.

 

R1(config)#aaa new-model

R1(config)#radius-server host 192.168.1.2 key p@ssword

R1(config)#aaa authentication login default group radius local

R1(config)#line vty 0 5

R1(config-line)#login authentication default

R1(config-line)#

 

Step:4- Test telnet access from PC0.

 

PC>telnet 192.168.1.1

Trying 192.168.1.1 …Open

User Access Verification

Username: user1

Password:

If you have any doubt feel free to comment or suggest.
Comments
  1. very nice article ||
    i have one doubt?
    explain the code used in below line==>
    aaa authentication login default group radius local

    Liked by 1 person

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s