https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758163#M409076 <HTML><HEAD></HEAD><BODY><P>OK</P><P></P><P>Thanks</P><P>Normally we use ssh when connect to device. My test device is now configured for telnet.</P><P>Is ssh able to use those better secure methods.</P><P></P><P>Juha </P><P></P></BODY></HTML> Fri, 14 Sep 2007 03:19:44 GMT u346874_2 2007-09-14T03:19:44Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758157#M409070 <P>Any good hints/links where is information how to start do authentication with microsoft ias server.</P><P>Now we use ssh to connect our devices but now is need to start to use aaa. Our devices are cisco 3500, 4500, 6500 series devices. Pictures, configuring examples anything is now needed.</P><P></P><P>Thanks</P><P>Juha</P> Sun, 10 Mar 2019 22:21:39 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758157#M409070 u346874_2 2019-03-10T22:21:39Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758158#M409071 <HTML><HEAD></HEAD><BODY><P>Juha,</P><P>Here are the IOS commands for setting up AAA,</P><P></P><P>Router(config)# username [username] password [password]</P><P> radius-server host [ip]</P><P> radius-server key [key]</P><P> aaa new-model</P><P> aaa authentication login default group radius+ local</P><P></P><P>Guidelines for Placing Radius in the Network,</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080092567.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a0080092567.shtml</A></P><P></P><P>Configuring RADIUS</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html#1000872" target="_blank">http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html#1000872</A></P><P></P><P>Hope that helps.</P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Please rate helpful posts</P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 29 Aug 2007 14:36:54 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758158#M409071 Jagdeep Gambhir 2007-08-29T14:36:54Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758159#M409072 <HTML><HEAD></HEAD><BODY><P>Thanks JG</P><P></P><P>I have set router with commands and i can see from sniffer that my router sends 4 times Access reguest to MS IAS server but no response comes. My settings is now</P><P></P><P>aaa new-model</P><P>aaa authentication login default group radius none</P><P>radius-server host 10.x.x.x auth-port 1645 acct-port 1646</P><P>radius-server source-ports 1645-1646</P><P>radius-server key mykey</P><P>radius-server vsa send authentication</P><P></P><P>MS IAS server is set to communicate with MS AD. I have set radius client(cisco device) and remote access policy to MS IAS but no response comes from that when i try to connect via vlan to my device. I found one advice how to set MS IAS but iam not sure is that OK. Any idea where to found advice what attributes and settings have to be set in MS IAS server so that i could login to my device with radius authentication.</P><P></P><P>thanks </P><P>Juha</P></BODY></HTML> Wed, 12 Sep 2007 08:34:25 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758159#M409072 u346874_2 2007-09-12T08:34:25Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758160#M409073 <HTML><HEAD></HEAD><BODY><P>Juha,</P><P>This doc will help you.</P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P> </P><P></P></BODY></HTML> Wed, 12 Sep 2007 19:29:06 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758160#M409073 Jagdeep Gambhir 2007-09-12T19:29:06Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758161#M409074 <HTML><HEAD></HEAD><BODY><P>Thanks.</P><P>That was very good pdf document. Now i can use radius and MS IAS successfully. Only one thing i cant understand. I can only use PAP protocol. If i try to use any other athentication fails. Usernames will sent in the clear. Is it really so that cisco devices does not support any other Authentication protocol.? Fortunately password is not in clear text because of shared secret.</P><P></P><P>Juha</P></BODY></HTML> Thu, 13 Sep 2007 10:22:40 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758161#M409074 u346874_2 2007-09-13T10:22:40Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758162#M409075 <HTML><HEAD></HEAD><BODY><P>Juha,</P><P>The issue is not with Cisco. Telnet sessions uses PAP password authentication. Because of this reason, IAS authentication is working with PAP password and fails for other password authentication attempts. </P><P></P><P>PAP password authentication will send username is clear text and password is encrypted.</P><P></P><P>For other sessions like PPP, we can specify password authentication methods as CHAP or</P><P>MS-CHAP methods.</P><P></P><P>Regards,</P><P>~JG </P></BODY></HTML> Thu, 13 Sep 2007 13:15:11 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758162#M409075 Jagdeep Gambhir 2007-09-13T13:15:11Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758163#M409076 <HTML><HEAD></HEAD><BODY><P>OK</P><P></P><P>Thanks</P><P>Normally we use ssh when connect to device. My test device is now configured for telnet.</P><P>Is ssh able to use those better secure methods.</P><P></P><P>Juha </P><P></P></BODY></HTML> Fri, 14 Sep 2007 03:19:44 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758163#M409076 u346874_2 2007-09-14T03:19:44Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758164#M409077 <HTML><HEAD></HEAD><BODY><P>It provides high confidentiality and integrity of data.</P></BODY></HTML> Mon, 17 Sep 2007 21:59:08 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758164#M409077 Jagdeep Gambhir 2007-09-17T21:59:08Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758165#M409080 <HTML><HEAD></HEAD><BODY><P>Is there any document where is explanation how does that algorithm work.(when using that shared security with pap) Our security people is not pleased because of that pap protocol. I could not found how is that password encrypted. </P><P></P><P>Juha </P></BODY></HTML> Tue, 18 Sep 2007 06:14:00 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758165#M409080 u346874_2 2007-09-18T06:14:00Z https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758166#M409083 <HTML><HEAD></HEAD><BODY><P>Juha,</P><P>The password is encrypted using an MD5 hash when passed between the router and Radius and they use the shared secret as part of that hash. The RFCs can explain it a lot better than I can.</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.ietf.org/rfc/rfc2865.txt" target="_blank">http://www.ietf.org/rfc/rfc2865.txt</A></P><P></P><P></P><P>Hope that helps</P><P></P><P>Regards,</P><P>~JG</P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Tue, 18 Sep 2007 11:04:27 GMT https://community.cisco.com/t5/network-access-control/where-to-start-configure-radius-with-cisco-devices/m-p/758166#M409083 Jagdeep Gambhir 2007-09-18T11:04:27Z