Radius Server and Router AAA

daniel_growth
Level 1

For my assignment I need to configure AAA on all routers (3 in total); there is a server dedicated to RADIUS.

I assumed I had configured this correctly but cannot get it to work on my main router.

Capture.PNG

 

I have attached my Packet Tracer file. Any usernames and passwords will be 'ADMIN' / 'cisco'

Warmingham Router Config:

Current configuration : 1813 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Warmingham-Router
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
aaa new-model
!
aaa authentication login SSH group radius local
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username ADMIN privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username USER secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
license udi pid CISCO1941/K9 sn FTX15241PUZ-
!
!
!
!
!
!
!
!
!
ip ssh version 2
no ip domain-lookup
ip domain-name wha.net
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 10.0.2.1 255.255.255.224
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0/0
 ip address 10.0.2.34 255.255.255.252
!
interface Serial0/0/1
 no ip address
 clock rate 2000000
!
interface Serial0/1/0
 ip address 10.0.2.38 255.255.255.252
 clock rate 2000000
!
interface Serial0/1/1
 ip address 145.45.5.1 255.255.255.0
 clock rate 2000000
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 passive-interface GigabitEthernet0/0
 passive-interface Serial0/1/1
 network 10.0.2.0 0.0.0.31 area 0
 network 10.0.2.36 0.0.0.3 area 0
 network 10.0.2.32 0.0.0.3 area 0
 default-information originate
!
ip classless
!
ip flow-export version 9
!
!
!
banner motd ^CUnauthorized users prohibited - Warmingham Router^C
!
radius-server host 10.0.2.6 auth-port 1645 key cisco
!
!
!
!
line con 0
 password 7 0822455D0A16
 logging synchronous
!
line aux 0
 password 7 0822455D0A16
!
line vty 0 4
 password 7 0822455D0A16
 logging synchronous
 login authentication SSH
 transport input ssh
line vty 5 15
 password 7 0822455D0A16
 logging synchronous
 transport input ssh
!
!
!
end

Kind Regards,
Daniel Growth

Accepted Solution

luis_cordova
VIP Alumni

Hi @daniel_growth ,

 

Make these changes:

On the AAA server, change the Client IP to 10.0.2.1 (currently 10.0.2.34)

On the router run this command:

Warmingham-Router(config)#aaa authentication login default group radius local

 

Regards

 

Remember to mark the correct answers as solved, because that helps other users with similar questions

9 Replies

johnd2310
Level 8

Hi,

What error are you getting?

 

Thanks

John

**Please rate posts you find helpful**

Hey, this worked perfectly but I'm not sure how to implement this on the 2 other routers. Is it the same config or different?
Kind Regards,
Daniel Growth

Hi @daniel_growth ,

 

It can be the same configuration.
You can even copy and paste what is already configured on the first router.

Remember the configuration of the VTY lines too.

 

On the server, the Client IP must be the IP of the interface closest to the server, where the packet leaves the router

20.jpg

 

Regards

 

Remember to mark the correct answers as solved, because that helps other users with similar questions
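
As an added example (not part of the original posts and not Cisco code), a small Python check over a running-config excerpt constructed from the config posted above. It reports the interface address on the RADIUS server's subnet, which is the Client IP to register when the server is directly connected, and the lines that reference no defined login method list. `audit` and `SAMPLE_CONFIG` are hypothetical names.

```python
import ipaddress
import re

# Constructed excerpt of the Warmingham-Router config posted in this thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login SSH group radius local
interface GigabitEthernet0/0
 ip address 10.0.2.1 255.255.255.224
interface Serial0/0/0
 ip address 10.0.2.34 255.255.255.252
radius-server host 10.0.2.6 auth-port 1645 key cisco
line vty 0 4
 login authentication SSH
line vty 5 15
 transport input ssh
"""

def audit(config):
    """Return (client IP on the server's subnet or None, lines with no defined list)."""
    ifaces, line_lists, defined, server, current = [], {}, set(), None, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+)", text):
            defined.add(m.group(1))            # method list name, e.g. SSH or default
        elif m := re.match(r"radius-server host (\S+)", text):
            server = ipaddress.ip_address(m.group(1))
        elif text.startswith("interface "):
            current = "interface"
        elif text.startswith("line "):
            current = text
            line_lists[current] = "default"    # used unless the line names a list
        elif current == "interface" and (m := re.match(r"ip address (\S+) (\S+)", text)):
            ifaces.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
        elif current in line_lists and (m := re.match(r"login authentication (\S+)", text)):
            line_lists[current] = m.group(1)
    # None: the server is not on a connected subnet, so the source address
    # depends on which interface the routing table picks to reach it.
    client_ip = next((str(i.ip) for i in ifaces if server and server in i.network), None)
    undefined = sorted(name for name, lst in line_lists.items() if lst not in defined)
    return client_ip, undefined

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Appending `aaa authentication login default group radius local` to the excerpt empties the second result, since every line then resolves to a defined list.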

Hi, I did this on each router but have found the login credentials do not work.

dan.nicholls only works on R1.

I added a login called cisco and that works on both R1 and R2.

Is this a bug in packet tracer or is my config wrong?
Kind Regards,
Daniel Growth

Hi @daniel_growth ,

 

Can you compress your exercise with your advances to check it?

 

Regards

@luis_cordova 

 

Yeah sure. Here it is :)

Kind Regards,
Daniel Growth

Hi @daniel_growth ,

 

In the exercise you sent I added the new user and I was able to enter the devices without problems:

1.jpg

 

I suggest you check again

 

Regards

Must have been a bug. Thanks!

P.S
You have seen my switches already, would they support radius also or not?
Kind Regards,
Daniel Growth