Comprar ou Renovar
Comprar ou Renovar
cancelar
Activar sugestões
A sugestão automática ajuda-o a especificar os resultados de pesquisa sugerindo-lhe correspondências enquanto escreve.
Mostrar resultados para 
Pesquisar em vez de 
Queria dizer: 
cancel
Iniciar uma conversa
2203
Apresentações
3
Útil
12
Respostas

Configurar ASR1001 para autenticar clientes via RADIUS

Ir para a Solução
Raphael Felix
Level 1
Level 1

em ‎09-22-2023 01:26 PM - última edição em ‎09-22-2023 02:42 PM por Cisco Employee

I'm trying to set up a test environment but I can't:

Router#show running-config
Building configuration...

Current configuration: 2199 bytes
!
! Last configuration change at 02:21:56 UTC Mon Jan 1 2001
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret X.X.X
!
aaa new-model
!
!
aaa group server radius RADIUS-SERVER
server-private 192.168.90.201 auth-port 1812 acct-port 1813 key CHAVE_RADIUS123
!
aaa authentication ppp default group RADIUS-SERVER local
!
!
!
!
!
aaa session-id common
!
!
!
ip name-server 192.168.90.1
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
redundancy
mode none
!
!
!
!
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
!
!
!
bba-group pppoe global
virtual-template 1
!
!
interface Loopback0
no ip address
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface FastEthernet0/1/0
description INTERNET_RADIUS
ip address 192.168.90.200 255.255.255.0
negotiation auto
!
interface FastEthernet0/1/1
description SAIDA_PPPOE
ip address 192.168.100.1 255.255.255.0
negotiation auto
pppoe enable group global
!
interface FastEthernet0/1/2
no ip address
shutdown
negotiation auto
!
interface FastEthernet0/1/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.25.1 255.255.255.0
negotiation auto
!
Virtual-Template1 interface
ip unnumbered Loopback0
ppp authentication pap
ppp ipcp address required
!
ip local pool POOL-PPPOE 192.168.100.10 192.168.100.20
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.90.1
!
!
!
radius-server host 192.168.90.201 auth-port 1812 acct-port 1813 key CHAVE_RADIUS123
!
!
control plane
!
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password admin
!
end

Rótulos:
0 Útil
1 Soluções Aceita

Soluções aceites

Ir para a Solução
balaji.bandi
Hall of Fame
Hall of Fame
Em resposta a Raphael Felix

em ‎09-24-2023 12:52 AM

1.

Virtual-Template1 interface
ip unnumbered Loopback0   <-- if the Loopback not up and not used - then use the correct interface here 
ppp authentication pap   <-- you configured on PAP here - so make sure end client use PAP suggest to use chap also
ppp ipcp address required
!

2. Make sure you change the Radius config 

3. use debug on server 

#Debug pppoe events

#debug ppp negotiation

 

example follow below guide exactly for to work ;

http://networkingbodges.blogspot.com/2015/04/quick-build-cisco-pppoe-server.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ver solução na publicação original

12 RESPOSTAS 12

Ir para a Solução
balaji.bandi
Hall of Fame
Hall of Fame

em ‎09-23-2023 02:13 AM

If you using Loopback0 - i do not see any config on the Loopback0 ? (is this up or down ?)

what radius server you using ?

when you have config Radius server group and radius host (use only 1 and remove another one just be clear ?)

what client you testing, what is the error you getting on client and what logs you see on radius ?

Suggest to run debug on the router see the errors.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ir para a Solução
Raphael Felix
Level 1
Level 1
Em resposta a balaji.bandi

em ‎09-23-2023 11:02 AM

If you using Loopback0 - i do not see any config on the Loopback0 ? (is this up or down ?)

R - There is no loopback configuration, I am only configuring radius for testing, as today I only use mikrotik

what radius server you using ?

R - Freeradius

when you have config Radius server group and radius host (use only 1 and remove another one just be clear ?)

R - I think so

what client you testing, what is the error you getting on client and what logs you see on radius ?

R - No request arrives in Cisco's freeradius only from my current mikrotik

Suggest to run debug on the router see the errors.

0 Útil

Ir para a Solução
MHM Cisco World
VIP
VIP

em ‎09-23-2023 02:59 AM

server-private <<- why you use this ?

0 Útil

Ir para a Solução
Raphael Felix
Level 1
Level 1
Em resposta a MHM Cisco World

em ‎09-23-2023 11:02 AM

That's what I got comparing what I have configured on Mikrotik today.

0 Útil

Ir para a Solução
balaji.bandi
Hall of Fame
Hall of Fame
Em resposta a Raphael Felix

em ‎09-24-2023 12:52 AM

1.

Virtual-Template1 interface
ip unnumbered Loopback0   <-- if the Loopback not up and not used - then use the correct interface here 
ppp authentication pap   <-- you configured on PAP here - so make sure end client use PAP suggest to use chap also
ppp ipcp address required
!

2. Make sure you change the Radius config 

3. use debug on server 

#Debug pppoe events

#debug ppp negotiation

 

example follow below guide exactly for to work ;

http://networkingbodges.blogspot.com/2015/04/quick-build-cisco-pppoe-server.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ir para a Solução
Raphael Felix
Level 1
Level 1
Em resposta a balaji.bandi

em ‎09-28-2023 08:18 PM

Português:
Se eu usar o arquivo "/etc/freeradius/users", funciona, mas usando o usuario cadastrado no banco de dados mysql ele autentica e desconecta.

English:
If I use the file "/etc/freeradius/users", it works, but using the user registered in the mysql database it authenticates and disconnects.

0 Útil

Ir para a Solução
balaji.bandi
Hall of Fame
Hall of Fame
Em resposta a Raphael Felix

em ‎09-29-2023 03:03 AM

You mean to say that works for static user, if you use radius with mysql DB it disconnect - or is this resolve ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Útil

Ir para a Solução
Raphael Felix
Level 1
Level 1
Em resposta a balaji.bandi

‎09-29-2023 03:45 AM - editado ‎09-29-2023 04:03 AM

it's not solved.

When I authenticate with the static user, it works.

When I authenticate with the user registered in the "mysql" database, it doesn't work.

0 Útil

Ir para a Solução
balaji.bandi
Hall of Fame
Hall of Fame
Em resposta a Raphael Felix

em ‎09-29-2023 04:00 AM

then you need to Look the integration with freeradius with mysql configuration guide (that question should go freeradius forume).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ir para a Solução
Raphael Felix
Level 1
Level 1
Em resposta a balaji.bandi

em ‎09-29-2023 04:26 AM

I think I was doing something wrong when configuring Freeradius, I've revised all the settings and now it's working.

Gravação de Tela 2023-09-29 às 08.22.51.mov
0 Útil

Ir para a Solução
Raphael Felix
Level 1
Level 1

em ‎09-23-2023 10:54 AM

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="Generator" content="Microsoft Word 15 (filtered medium)" />&lt;!--&lt;br&gt;/* Font Definitions */&lt;br&gt;@font-face&lt;br&gt; {font-family:"Cambria Math";&lt;br&gt; panose-1:2 4 5 3 5 4 6 3 2 4;}&lt;br&gt;@font-face&lt;br&gt; {font-family:Calibri;&lt;br&gt; panose-1:2 15 5 2 2 2 4 3 2 4;}&lt;br&gt;/* Style Definitions */&lt;br&gt;p.MsoNormal, li.MsoNormal, div.MsoNormal&lt;br&gt; {margin:0cm;&lt;br&gt; font-size:11.0pt;&lt;br&gt; font-family:"Calibri",sans-serif;}&lt;br&gt;span.EstiloDeEmail18&lt;br&gt; {mso-style-type:personal-compose;&lt;br&gt; font-family:"Calibri",sans-serif;&lt;br&gt; color:windowtext;}&lt;br&gt;.MsoChpDefault&lt;br&gt; {mso-style-type:export-only;&lt;br&gt; font-size:10.0pt;&lt;br&gt; mso-ligatures:none;}&lt;br&gt;@page WordSection1&lt;br&gt; {size:612.0pt 792.0pt;&lt;br&gt; margin:70.85pt 3.0cm 70.85pt 3.0cm;}&lt;br&gt;div.WordSection1&lt;br&gt; {page:WordSection1;}&lt;br&gt;&lt;br&gt;
0 Útil

Quick links

Navegue pelos links rápidos da Comunidade e usufrua de um conteúdo personalizado e em seu idioma nativo:

Documentos de Ajuda sobre a Comunidade Podcast Comunidades do Brasil Vídeo dos últimos eventos
Customers Also Viewed These Support Documents