09-03-2019 05:41 AM
For my assignment I need to configure AAA on all routers (3 in total); there is a server dedicated to RADIUS.
I assumed I had configured this correctly but cannot get it to work on my main router.
I have attached my packet tracer file. Any usernames and passwords will be 'ADMIN' / 'cisco'
Warmingham Router Config:
Current configuration : 1813 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Warmingham-Router
!
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
!
!
aaa new-model
!
aaa authentication login SSH group radius local
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
username ADMIN privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
username USER secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
license udi pid CISCO1941/K9 sn FTX15241PUZ-
!
!
!
!
!
!
!
!
!
ip ssh version 2
no ip domain-lookup
ip domain-name wha.net
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 10.0.2.1 255.255.255.224
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.0.2.34 255.255.255.252
!
interface Serial0/0/1
no ip address
clock rate 2000000
!
interface Serial0/1/0
ip address 10.0.2.38 255.255.255.252
clock rate 2000000
!
interface Serial0/1/1
ip address 145.45.5.1 255.255.255.0
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
passive-interface Serial0/1/1
network 10.0.2.0 0.0.0.31 area 0
network 10.0.2.36 0.0.0.3 area 0
network 10.0.2.32 0.0.0.3 area 0
default-information originate
!
ip classless
!
ip flow-export version 9
!
!
!
banner motd ^CUnauthorized users prohibited - Warmingham Router^C
!
radius-server host 10.0.2.6 auth-port 1645 key cisco
!
!
!
!
line con 0
password 7 0822455D0A16
logging synchronous
!
line aux 0
password 7 0822455D0A16
!
line vty 0 4
password 7 0822455D0A16
logging synchronous
login authentication SSH
transport input ssh
line vty 5 15
password 7 0822455D0A16
logging synchronous
transport input ssh
!
!
!
end
09-03-2019 06:06 AM
Hi,
What error are you getting?
Thanks
John
09-03-2019 06:27 AM
Hi @daniel_growth ,
Make these changes:
On the AAA server, change the Client IP to 10.0.2.1 (currently 10.0.2.34).
On the router run this command:
Warmingham-Router(config)#aaa authentication login default group radius local
Regards
Remember to mark the correct answers as solved, because that helps other users with similar questions
09-03-2019 07:17 AM
09-03-2019 08:07 AM
Hi @daniel_growth ,
It can be the same configuration.
You can even copy and paste what is already configured on the first router.
Remember the configuration of the VTY lines too.
On the server, the Client IP must be the IP of the interface closest to the server, where the packet leaves the router.
Regards
Remember to mark the correct answers as solved, because that helps other users with similar questions
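The following Python example is added here and was not posted by anyone in the thread. It reads an excerpt of the Warmingham-Router configuration from the question, works out which router address the RADIUS server must list as the Client IP, and shows which login method list each vty range uses. It assumes the server is on a directly connected subnet; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the Warmingham-Router configuration posted in the question.
CONFIG = """\
aaa new-model
aaa authentication login SSH group radius local
interface GigabitEthernet0/0
 ip address 10.0.2.1 255.255.255.224
interface Serial0/0/0
 ip address 10.0.2.34 255.255.255.252
radius-server host 10.0.2.6 auth-port 1645 key cisco
line vty 0 4
 login authentication SSH
line vty 5 15
 transport input ssh
"""

def interfaces(cfg):
    """Map interface name -> IPv4Interface for every addressed interface."""
    found, name = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s*ip address (\S+) (\S+)", line)) and name:
            found[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def radius_client_ips(cfg):
    """Map each RADIUS server to the (interface, address) facing its subnet."""
    result = {}
    for server in re.findall(r"^radius-server host (\S+)", cfg, re.M):
        hits = [(n, str(i.ip)) for n, i in interfaces(cfg).items()
                if ipaddress.ip_address(server) in i.network]
        # None: server is not directly connected, so the source address
        # depends on the routing table, which the config alone does not show.
        result[server] = hits[0] if hits else None
    return result

def vty_method_lists(cfg):
    """Map each 'line vty' range to its login list ('default' when unset)."""
    lists, current = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"line vty (\d+) (\d+)", line):
            current = (int(m.group(1)), int(m.group(2)))
            lists[current] = "default"
        elif (m := re.match(r"\s*login authentication (\S+)", line)) and current:
            lists[current] = m.group(1)
    return lists
```

On the posted configuration this returns GigabitEthernet0/0 with 10.0.2.1 as the address facing the server, and shows that vty 5 15 falls back to the `default` method list, which the posted configuration does not define.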
09-04-2019 03:25 AM
09-04-2019 05:53 AM
09-04-2019 07:36 AM - edited 09-04-2019 07:57 AM
09-04-2019 08:29 AM
Hi @daniel_growth ,
In the exercise you sent I added the new user and I was able to enter the devices without problems:
I suggest you check again.
Regards
09-05-2019 02:19 AM