
RE: Configuring Radius server with a cisco router



Cistron has, like you say, a users file with a sample configuration. I don't
run it anymore, but IIRC, you can use the "steve" sample section to set up
users. It should be the first of the many available examples. Other
attributes you may want to use when adding users include:

Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Filter-Id = 1

Of course, Framed-Filter-Id is only useful if you are providing specific
services to specific dial-up users. The other attributes are pretty
standard.

Using RADIUS with Cisco is a breeze. To do this, enter the following
commands into your Cisco router:

!
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius if-authenticated
aaa accounting network default start-stop group radius

!
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key secret
radius-server retransmit 3
radius-server authorization permit missing Service-Type

x.x.x.x = the IP address of your RADIUS server
secret  = the shared secret between your Cisco router and your RADIUS server

Also, you can specify more than one RADIUS server host in your Cisco config,
if you have a back-up RADIUS server available. You will have to double check
what RADIUS ports you have configured on your Cistron. I have used the new
ones here. The old ones are 1645 for authentication and 1646 for accounting.

Good luck.

Mark Tinka
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug
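
An added example, not part of the message above: a small Python check for the port caveat it raises, comparing each `radius-server host` line in a router config with the ports the RADIUS server listens on. The sample config, the 192.0.2.x addresses and the function names are constructed for illustration; it assumes IOS falls back to 1645/1646 when `auth-port`/`acct-port` are omitted.

```python
import re

# Assumption: IOS uses the old ports when auth-port/acct-port are not given.
IOS_DEFAULT_AUTH, IOS_DEFAULT_ACCT = 1645, 1646
HOST_RE = re.compile(r"^\s*radius-server host (\S+)(.*)$")

def parse_radius_hosts(config_text):
    """Return one dict per 'radius-server host' line in an IOS config."""
    hosts = []
    for line in config_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        rest = m.group(2).rstrip()
        auth = re.search(r"\bauth-port (\d+)", rest)
        acct = re.search(r"\bacct-port (\d+)", rest)
        key = re.search(r"\bkey (.+)$", rest)  # key is the last option on the line
        hosts.append({
            "ip": m.group(1),
            "auth": int(auth.group(1)) if auth else IOS_DEFAULT_AUTH,
            "acct": int(acct.group(1)) if acct else IOS_DEFAULT_ACCT,
            "key": key.group(1) if key else None,  # None: may be set globally
        })
    return hosts

def audit(config_text, server_auth_port, server_acct_port):
    """List mismatches between the router config and the RADIUS server."""
    findings = []
    hosts = parse_radius_hosts(config_text)
    for h in hosts:
        if (h["auth"], h["acct"]) != (server_auth_port, server_acct_port):
            findings.append(
                f"{h['ip']}: router uses {h['auth']}/{h['acct']}, "
                f"server listens on {server_auth_port}/{server_acct_port}")
        if h["ip"] == "x.x.x.x" or h["key"] == "secret":
            findings.append(f"{h['ip']}: placeholder address or key left in place")
    if len(hosts) < 2:
        findings.append("no back-up RADIUS server configured")
    return findings

# Constructed sample: second host omits the ports and keeps the placeholder key.
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key Xq7-constructed-example
radius-server host 192.0.2.11 key secret
radius-server retransmit 3
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, 1812, 1813):
        print(finding)
```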



-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
David Chima
Sent: Thursday, November 21, 2002 3:15 PM
To: afnog at afnog.org
Subject: Configuring Radius server with a cisco router


Hello,
I have a 2600 cisco router and a RedHat Linux box where I have installed
radiusd-cistron-1.6.6 to act as my radius server. On a cisco router I have
external modems which the end user will use to dial into my router. I want
to set up the Radius server to properly Authenticate, Authorise and Account
for all the users who will be logging into my network. I have tried to set
up the client and the naslist files quite Ok. I also had set up the router
with radius as an operating protocol. I have a problem on how to set up the
user's file. I see so many options in the documentation and as well in the
users file. Is there anyone who can give me a hint as to how I can go about
it?

I tested the router, setting it up with TACACS+ authenticated through a
ciscosecure, and all went well, but I would like to use RADIUS instead of
TACACS+. Please help.
Regards

David


-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org


