In Windows Server, under Administrative Tools, click Internet Authentication Service.
Right-click RADIUS Clients and click “New RADIUS Client”. Enter a friendly name and the client address, then click Next.
Type the shared secret password. You will need this later when you configure the Cisco switch. I used cisco as the shared secret for this example. Click Finish and the client should be added to your RADIUS clients.
Log in to 1.1.1.1, which is the IP address you added in IAS.
From the Cisco switch configuration terminal, enter the commands below:
aaa new-model
aaa authentication login RADIUS group radius line
radius-server host 192.168.1.200 auth-port 1645 acct-port 1646 key cisco
(Note: host is the IP address of your RADIUS server, and key is the shared secret we entered on the RADIUS server when we created the client.) If you have multiple RADIUS servers, you can add another one as a backup. Make sure that all the RADIUS servers are configured to accept requests from all the RADIUS clients.
line vty 0 4
login authentication RADIUS
line vty 5 15
password cisco
(Note: if for some reason the switch cannot reach the RADIUS server, you will be asked for the telnet password.)
Log out and telnet to the switch. You should be prompted for a username and password.
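To review the result, the following added example (not part of the original post) parses the commands above and reports how each vty range uses the RADIUS method list, its line password and the shared secret. The names SAMPLE, parse and audit are hypothetical, and the input is the post's own configuration embedded as constructed sample text.

```python
import re

# Constructed input: the switch commands from this post, as they would sit in a config.
SAMPLE = """aaa new-model
aaa authentication login RADIUS group radius line
radius-server host 192.168.1.200 auth-port 1645 acct-port 1646 key cisco
line vty 0 4
 login authentication RADIUS
line vty 5 15
 password cisco
"""

def parse(config):
    """Collect login method lists, RADIUS shared secrets and vty blocks."""
    methods, keys, vtys, cur = {}, [], [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa authentication login (\S+) (.+)", line):
            methods[m.group(1)] = m.group(2).split()
        elif m := re.match(r"radius-server host \S+ .*\bkey (.+)$", line):
            keys.append(m.group(1))
        elif m := re.match(r"line vty (\d+) (\d+)", line):
            cur = {"range": f"vty {m.group(1)}-{m.group(2)}", "list": None, "password": None}
            vtys.append(cur)
        elif line.startswith("line "):
            cur = None  # console/aux block: out of scope for this check
        elif cur and (m := re.match(r"login authentication (\S+)", line)):
            cur["list"] = m.group(1)
        elif cur and (m := re.match(r"password (.+)", line)):
            cur["password"] = m.group(1)
    return methods, keys, vtys

def audit(config):
    """Return findings about how the vty lines use the AAA method lists."""
    methods, keys, vtys = parse(config)
    findings = []
    for v in vtys:
        if v["list"] is None:
            findings.append(f"{v['range']}: no named list applied, the 'default' login list governs")
        elif v["list"] not in methods:
            findings.append(f"{v['range']}: list {v['list']} is not defined")
        elif "line" in methods[v["list"]] and v["password"] is None:
            findings.append(f"{v['range']}: list {v['list']} falls back to 'line' but no line password is set here")
        if v["password"] in keys:
            findings.append(f"{v['range']}: line password is the same string as the RADIUS shared secret")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The parser only understands the commands shown in this post and compares passwords as plain strings, so encrypted (type 7) values will not match the shared secret.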
Next time I will show you how to add privilege commands to allow power users certain commands without the use of Cisco ACS.