How to configure RADIUS authentication on a Cisco router for telnet access

 

This tutorial shows how to configure a RADIUS server so that telnet access to our Cisco router is authenticated by that server. If you configure telnet on a router, it checks the password that was assigned during the telnet configuration; once the RADIUS server is configured, telnet logins are authenticated by the RADIUS server instead. So after this configuration you will not be able to log in remotely to router R1 with the telnet password, but you can log in remotely to R1 over telnet if you use the password defined on the RADIUS server.

To describe this lab I have used Packet Tracer to show you how to configure RADIUS authentication on a Cisco 2811 router for telnet access.

Networks usually consist of a wide range of devices from different vendors that require some means of authenticating users before they are granted access to resources.

Remote Authentication Dial In User Service (RADIUS) is one means of addressing this need, by providing a centralized infrastructure for authentication and accounting.

There are many ways to configure devices for RADIUS and use it. Here I am going to show you how to configure it on any Cisco router that you may have in your network for remote login authentication.

 

So first of all you must know: what is RADIUS?

RADIUS is a widely implemented networking protocol sometimes referred to as a client/server protocol, which provides a centralized mechanism of administering user account information. These can be usernames, passwords and privilege levels for each account.

AAA, which stands for Authentication, Authorization and Accounting, is the core foundation upon which RADIUS is built.
Authentication is the process by which the RADIUS server verifies the user requesting access before it is granted.

Authorization deals more with the level of access granted to a particular account.

Note: Before a device can become a RADIUS client, it must first be configured with the same pre-shared key as is configured on the RADIUS server.

 

Whenever a user needs to access a resource, such as a router's telnet or SSH service, they are required to provide credentials to verify that they have the required privileges for that level of access to the given resource; this may be access to a router, switch, access point, firewall or just data on a file server.

These credentials are passed to a RADIUS client, which then forwards them to the RADIUS server. The RADIUS server checks the credentials against its database before a result of access-accept or access-reject is sent back to the RADIUS client.
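The exchange described above, sketched in Python as an added example (it is not part of the original tutorial and is not Cisco's or any RADIUS server's code). It follows RFC 2865 to show how the pre-shared key hides the User-Password in the Access-Request and signs the server's reply; the function names and the sample account password used to exercise it are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _xor_blocks(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: each 16-byte block is XORed with MD5(secret + previous
    # ciphertext block); the first block uses the Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else res
        out += res
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)         # pad to a multiple of 16
    return _xor_blocks(password.ljust(size, b"\x00"), secret, authenticator, False)

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value         # type, length, value

def build_request(ident, user, password, secret):
    """Client side (the router): Access-Request with a hidden User-Password."""
    auth = os.urandom(16)                                # Request Authenticator
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def server_reply(request, secret, users):
    """Server side: recover the password, check it, sign the reply."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, body, attrs = request[4:20], request[20:length], {}
    while len(body) >= 2:                                # walk the TLV attributes
        if not 2 <= body[1] <= len(body):
            return None                                  # malformed attribute: drop
        attrs[body[0]] = body[2:body[1]]
        body = body[body[1]:]
    pw = _xor_blocks(attrs.get(USER_PASSWORD, b""), secret, req_auth, True).rstrip(b"\x00")
    stored = users.get(attrs.get(USER_NAME))
    ok = stored is not None and hmac.compare_digest(stored, pw)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(code + id + length + RequestAuth + attrs + secret)
    return head + hashlib.md5(head + req_auth + secret).digest()

def client_check(reply, request, secret):
    """Return the reply code if the Response Authenticator verifies, else None."""
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[0] if hmac.compare_digest(want, reply[4:20]) else None
```

With a mismatched key the server recovers garbage instead of the password and answers Access-Reject, and the client cannot verify that reply either, which is why the key on the RADIUS client must match the server's exactly.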

Router R1 :

  • FastEthernet 0/0 : 192.168.1.1/24
  • FastEthernet 0/1 : 192.168.2.1/24

RADIUS Server : 192.168.1.2/24

Client (PC0) : 192.168.2.2/24

[Image: radius authentication]

Step 1: First assign a hostname and IP addresses on router R1.

Router>enable

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname R1

R1(config)#int fa0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shut

R1(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R1(config-if)#exit

R1(config)#int fa0/1

R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#no shut

 

 

Step 2: Configure the RADIUS server (192.168.1.2).

[Image: radius server]

 

Step 3: Now tell router R1 that you want to use the RADIUS server for authentication.

Also tell the router the IP address of the RADIUS server, which is 192.168.1.2 as you can see in the diagram above, and the shared secret, which is p@ssword.

 

R1(config)#aaa new-model

R1(config)#radius-server host 192.168.1.2 key p@ssword

R1(config)#aaa authentication login default group radius local

R1(config)#line vty 0 5

R1(config-line)#login authentication default

R1(config-line)#

 

Step 4: Test telnet access from PC0.

 

PC>telnet 192.168.1.1

Trying 192.168.1.1 …Open

User Access Verification

Username: user1

Password:

 

If you want to learn how to configure a RADIUS server on a Linux machine, watch this video.

If you have any doubts, feel free to comment or make suggestions.

7 thoughts on “how to configure RADIUS authentication on a Cisco router for telnet access”

  1. When you configure a RADIUS server you don’t need to configure VTY lines on the router; “DEFAULT” makes it work, as I say. And you need to configure a username/password as a backup for local authentication in case the RADIUS server isn’t available, otherwise you won’t have access to the router until your server is online again.
