Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
201
Views
0
Helpful
1
Replies

Deploying Radius on Catalyst 3750 - Mini ISP Scenario

zhir
Level 1
Level 1

‎05-03-2024 11:48 PM

Dear Community,

I am using a Catalyst 3750 V2 switch and have successfully connected to the DaloRadius server. I can log into the switch with the users I created in the Radius server without any problem, Now, I want to grant or restrict access to the end users connected to the same switch. I really have no idea where to begin. Essentially, I want any user (or an AP) that is connected to this switch to have their access controlled by the Radius server, similar to how ISPs or hotels operate. Please i need a detailed guide if possible.
Thanks a lot.

Below is my current config: 

*Mar 1 03:00:41.369: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
Switch>en
Switch#conf
Switch#sh run
Switch#sh running-config
Building configuration...

Current configuration : 5057 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username admin password 0 Nexus@2022
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
!
!
!
aaa session-id common
switch 1 provision ws-c3750v2-48ps
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/3
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/4
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/5
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/6
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/7
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/8
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/9
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/10
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/11
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/12
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/14
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/15
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/16
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/17
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/18
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/19
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/20
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/21
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/22
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/23
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/25
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/26
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/27
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/28
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/29
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/30
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/31
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/32
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/33
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/34
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/35
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/36
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/37
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/38
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/39
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/40
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/41
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/42
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/43
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/44
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/45
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/46
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/47
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/48
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 11.11.11.13 255.255.255.0
ip access-group INTERNET-ACCESS in
!
ip classless
ip http server
ip http secure-server
!
radius-server host 11.11.11.10 auth-port 1812 acct-port 1813 key ZhirZhir@@
!
control-plane
!
!
line con 0
line vty 5 15
!
end

Switch#

*Mar 1 03:00:41.369: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to up
Switch>en
Switch#conf
Switch#sh run
Switch#sh running-config
Building configuration...

Current configuration : 5057 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username admin password 0 Nexus@2022
aaa new-model
!
!
aaa authentication login default group radius local
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
!
!
!
aaa session-id common
switch 1 provision ws-c3750v2-48ps
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/2
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/3
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/4
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/5
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/6
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/7
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/8
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/9
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/10
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/11
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/12
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/14
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/15
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/16
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/17
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/18
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/19
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/20
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/21
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/22
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/23
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/25
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/26
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/27
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/28
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/29
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/30
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/31
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/32
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/33
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/34
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/35
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/36
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/37
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/38
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/39
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/40
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/41
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/42
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/43
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/44
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/45
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/46
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/47
switchport access vlan 100
switchport mode access
!
interface FastEthernet1/0/48
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 11.11.11.13 255.255.255.0
ip access-group INTERNET-ACCESS in
!
ip classless
ip http server
ip http secure-server
!
radius-server host 11.11.11.10 auth-port 1812 acct-port 1813 key ZhirZhir@@
!
control-plane
!
!
line con 0
line vty 5 15
!
end

Switch#

 

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎05-04-2024 01:50 AM

Look  at PPPoE example guide similarly you can do on 3750 - 12.2 IOS quite old don't remember it works -  but you can try with limitations. (it required dot1.x support)

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_7_e/configuration_guide/b_1527e_consolidated_2960x_cg/m_pppoe_ia.html

 PPPoE with  daloradius / freeradius example :

https://ephemeralportal.blogspot.com/2014/08/using-daloradius-in-gns3-to-demo-isps.html

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents