Configure Telnet User Login to Use RADIUS Authentication, Authorization and Statistics
Network Requirements
- Device is connected to the Telnet and RADIUS server and the IP route is available.
- The IP address of the RADIUS server is 2.0.0.2/24, the authentication/authorization port is 1812, the statistics port is 1813, and the share key is admin.
- When Telnet user logs into Device, it is required to authenticate/authorize and measure via the RADIUS server.
- When the RADIUS server fails, use the local authentication and authorization.
Network Topology
Figure 11-2 Networking of configuring Telnet user login to use RADIUS authentication/authorization and accounting
Configuration Steps
Step 1: Configure VLAN, and add the port to the corresponding VLAN. (omitted)
Step 2: Configure the IP address of the interface.(Omitted)
Step 3: Configure Device.
#Configure AAA, and use the RADIUS authentication/authorizationm and accounting.
-
Authentication and authorization first use the first method in the method list. Use the second method to authenticate and authorize when the server fails.
|
Device#configure terminal
Device(config)#domain system
Device(config-isp-system)#aaa authentication login radius-group radius-group local
Device(config-isp-system)#aaa authorization login radius-group radius-group local
Device(config-isp-system)#aaa accounting login start-stop radius-group radius-group
Device(config-isp-system)#exit
|
#Configure the RADIUS server, the authentication port is 1812, the statistics port is 1813, and the share key is admin.
|
Device(config)#aaa server group radius radius-group
Device(config-sg-radius-radius-group)#server 2.0.0.2 auth-port 1812 acct-port 1813 key admin
Device(config-sg-radius-radius-group)#exit
|
#Configure the Telnet session and enable the RADIUS authentication/authorization and statistics.
|
Device(config)#line vty 0 15
Device(config-line)#login aaa
Device(config-line)#exit
|
Step 4: Configure the RADIUS server.
For the interface setting of the RADIUS server, refer to the help document of the server. The following lists the main steps.
#Add the user admin on the RADIUS server, set the password as admin and configure the user label as 15.
#Set the IP address of the server as 2.0.0.2, share key as admin, authentication port as 1812 and statistics port as 1813.
#Set the IP address of the client as 2.0.0.1 and the share key as admin.
Step 5: Check the result, and verify the authentication/authorization and statistics.
#After Telnet user logs in to Device, authorize successfully, and use the show privilege command to view the user priority 15.
#We can view the login and disconnection statistics information on the RADIUS server.
Switch
.png){kind=icon}
.png){kind=logo}
