Using Windows Server 2008 R2 as a RADIUS Server for Cisco Devices
Recently the company decided to use RADIUS as the authentication server for its Cisco devices, so out of curiosity I tested a RADIUS server first. The first one I tried was TekRADIUS. Authentication with it was no problem, but for authorization I could not get privilege level 15 no matter what I tried; after studying it for a long time without success I put it aside for now. I then switched to Windows Server 2008 R2 NPS as the RADIUS server, and both authentication and authorization succeeded.
First, install it. On Windows Server 2008 R2, open Server Manager, add a new role, select Network Policy and Access Services, and choose only the Network Policy Server role service.
Then configure NPS. Because my test environment has no domain, "Register server in Active Directory" in the NPS right-click menu is greyed out. In a domain environment you need to register first, since it is not done automatically; registration adds the NPS computer to the RAS and IAS Servers group so it can read user account properties and group membership.
Step one is to add the RADIUS client, i.e. the Cisco device. Expand RADIUS Clients and Servers, select RADIUS Clients, click New in the right-hand Actions pane, and fill in a friendly name, the device's IP address and a shared secret. The shared secret is the password the Cisco device uses to talk to NPS; it must match the key in the device's radius-server configuration, and it should be a long random string rather than something chosen casually: RADIUS hides the PAP password only with MD5 keyed by this secret, so anyone who captures the traffic and guesses the secret can recover user passwords.
Step two is to create the network policy that does authentication and authorization. Expand Policies, right-click Network Policies, select New, enter a name and click Next.
Under Specify Conditions I use a local user group as the condition: click Add, select User Groups, and enter the local Administrators group (an NPS that is not domain-joined can only evaluate its own local groups; in a domain you would pick a domain group here). Click Next.
Under Specify Access Permission leave Access granted selected and click Next.
Under Configure Authentication Methods tick Unencrypted authentication (PAP, SPAP), because IOS login authentication over RADIUS uses PAP, then click Next. This is also why the shared secret and the network path between device and NPS matter: PAP relies entirely on RADIUS's User-Password hiding.
Configure Constraints needs nothing for this setup; click Next.
Configure Settings is the key page, specifically the RADIUS Attributes section. Click Standard and delete the two default attributes (Framed-Protocol = PPP and Service-Type = Framed); they describe a PPP dial-up session, not a device login.
Then click Add, choose Service-Type, select Others and pick Login.
Next click Vendor Specific; this is where the authorization is carried. Click Add and choose Vendor-Specific to add it.
In the Attribute Information dialog that pops up, select Cisco as the vendor, then click Configure Attribute.
Configure the VSA as: vendor-assigned attribute number 1 (Cisco-AVPair), attribute format String, attribute value shell:priv-lvl=15. This is the attribute IOS reads when exec authorization runs, and it drops the user straight into privilege level 15 instead of level 1.
Click Next, check the summary, then click Finish. NPS is now configured.
Finally, configure AAA on the Cisco device. Commands are shown in lowercase as IOS accepts them; the text after // is explanation, not part of the command.
aaa new-model                                        // turn on AAA
The next commands protect the console line so that a broken RADIUS setup cannot lock you out of the box; doing this for the console port is strongly recommended.
aaa authentication login noauthen none               // method list "noauthen": no authentication
aaa authorization exec noauthor none                 // method list "noauthor": no authorization
aaa authorization console                            // makes exec authorization apply to the console too (it is skipped there by default)
line console 0                                       // apply the lists to the local console line
 login authentication noauthen                       // console keeps a no-authentication method as a last-resort way in, just in case
 authorization exec noauthor                         // only takes effect once "aaa authorization console" is set, but configure it anyway
Note that none means exactly that: anyone with physical console access gets an exec shell, so this is only acceptable where the console is physically controlled. If you keep local accounts, local is the safer fallback method for the console.
aaa authentication login default group radius local  // login authentication: RADIUS server first, then local
aaa authorization exec default group radius local    // exec authorization: RADIUS server first, then local
line vty 0 4                                         // Telnet (and SSH) lines use the default lists
 login authentication default
 authorization exec default
radius-server host 192.168.11.10 auth-port 1812 acct-port 1813 key cisco   // the RADIUS server; key is the shared secret entered in NPS (cisco is only the example value here)
Two things to keep in mind with group radius local: the local method is consulted only when no RADIUS server answers, never when NPS returns a reject, and it only helps if a local username with privilege 15 exists on the device. Test the RADIUS login from a new vty session while keeping your current session open.
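To make concrete what the NPS policy above returns and what the Cisco device does with it, here is an added example (my own code, not part of the original article or of NPS/IOS) that models the RADIUS exchange end to end: the device side PAP-encodes the password with the shared secret and sends an Access-Request carrying Service-Type = Login; a toy stand-in for NPS checks the password and replies with an Access-Accept carrying Service-Type = Login and the Cisco VSA (Vendor-Id 9, Cisco-AVPair) shell:priv-lvl=15; the device side verifies the Response Authenticator and extracts the privilege level. The username, password, IP addresses and the shared secret are constructed sample values.

```python
"""Toy RADIUS Access-Request / Access-Accept exchange for the NPS -> Cisco setup.
Added example, not from the article. All names, addresses and secrets are constructed."""
import hashlib
import secrets
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SERVICE_TYPE, VENDOR_SPECIFIC = 1, 2, 4, 6, 26
SERVICE_TYPE_LOGIN = 1      # the value picked under "Others -> Login" in NPS
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1            # vendor-assigned attribute number 1 = Cisco-AVPair


def attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type(1) Length(1) Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def cisco_vsa(avpair: str) -> bytes:
    """Vendor-Specific (26) wrapping Vendor-Id 9 and one Cisco-AVPair sub-attribute."""
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + attr(CISCO_AVPAIR, avpair.encode()))


def parse_attrs(data: bytes):
    """Yield (type, value) pairs from a RADIUS attribute list or a VSA body."""
    i = 0
    while i + 2 <= len(data):
        t, length = data[i], data[i + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        yield t, data[i + 2:i + length]
        i += length


def pap_encode(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2 User-Password hiding: c_i = p_i XOR MD5(secret + c_{i-1}), c_0 = Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def pap_decode(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of pap_encode; strips the zero padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(username: str, password: str, nas_ip: str, secret: bytes, ident: int = 1):
    """What the Cisco device sends for a vty login: PAP password plus Service-Type = Login."""
    req_auth = secrets.token_bytes(16)
    attrs = (attr(USER_NAME, username.encode())
             + attr(USER_PASSWORD, pap_encode(password.encode(), secret, req_auth))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_LOGIN)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth


def nps_like_server(request: bytes, secret: bytes, users: dict) -> bytes:
    """Stand-in for NPS: check the PAP password, answer Accept with the policy's attributes, else Reject."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = dict(parse_attrs(request[20:length]))
    user = attrs[USER_NAME].decode(errors="replace")
    if users.get(user) == pap_decode(attrs[USER_PASSWORD], secret, req_auth):
        code = ACCESS_ACCEPT
        body = attr(SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_LOGIN)) + cisco_vsa("shell:priv-lvl=15")
    else:
        code, body = ACCESS_REJECT, b""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    resp_auth = hashlib.md5(header + req_auth + body + secret).digest()   # Response Authenticator
    return header + resp_auth + body


def nas_parse_response(response: bytes, req_auth: bytes, secret: bytes) -> dict:
    """What the Cisco device does with the reply: verify it, then read Service-Type and priv-lvl."""
    header, resp_auth, body = response[:4], response[4:20], response[20:]
    if hashlib.md5(header + req_auth + body + secret).digest() != resp_auth:
        raise ValueError("Response Authenticator mismatch: wrong shared secret or forged reply")
    result = {"accept": response[0] == ACCESS_ACCEPT, "service_type": None, "priv_lvl": None}
    for t, v in parse_attrs(body):
        if t == SERVICE_TYPE:
            result["service_type"] = struct.unpack("!I", v)[0]
        elif t == VENDOR_SPECIFIC and struct.unpack("!I", v[:4])[0] == CISCO_VENDOR_ID:
            for sub_t, sub_v in parse_attrs(v[4:]):
                if sub_t == CISCO_AVPAIR and sub_v.startswith(b"shell:priv-lvl="):
                    result["priv_lvl"] = int(sub_v.split(b"=", 1)[1])
    return result


def demo(username="admin", password="P@ssw0rd", secret=b"cisco", server_secret=None) -> dict:
    """Run one login end to end; server_secret != secret simulates a mistyped shared secret."""
    users = {"admin": b"P@ssw0rd"}   # constructed stand-in for the local Administrators group
    request, req_auth = build_access_request(username, password, "192.168.11.1", secret)
    response = nps_like_server(request, server_secret or secret, users)
    return nas_parse_response(response, req_auth, secret)


if __name__ == "__main__":
    print(demo())   # {'accept': True, 'service_type': 1, 'priv_lvl': 15}
```

Running demo() with a mismatched server_secret shows the failure mode you see in practice when the NPS shared secret and the device key disagree: the server cannot decode the PAP password, replies Reject, and the device additionally rejects the reply because the Response Authenticator does not verify, so the login fails without any clear hint that the secret is the problem.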
This article is from the "Kmzone" blog; please keep this source: http://337962.blog.51cto.com/327962/1838395