Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure
terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3 |
aaa
new-model
Example:
Router(config)# aaa new-model
|
Enables the AAA access control model.
|
Step 4 |
aaa
authentication
login
default
group
radius
Example:
Router(config)# aaa authentication login default group radius
|
Sets AAA authentication at login using the group radius method.
|
Step 5 |
aaa
authentication
login
list-name
none
Example:
Router(config)# aaa authentication login noAAA none
|
Sets AAA authentication at login and ensures that the authentication succeeds even if all methods of authentication return an error.
|
Step 6 |
aaa
authentication
eou
default
enable
group
radius
Example:
Router(config)# aaa authentication eou default enable group radius
|
Sets authentication lists for Extensible Authentication Protocol over User Datagram Protocol (EAPoUDP).
|
Step 7 |
aaa
authorization
network
default
group
radius
local
Example:
Router(config)# aaa authorization network default group radius local
|
Sets parameters that restrict user access to a network using the group radius and local methods.
|
Step 8 |
aaa
authorization
list-name
default
group
radius
Example:
Router(config)# aaa authorization auth-proxy default group radius
|
Sets parameters that restrict user access to a network using the group radius method.
|
Step 9 |
aaa
accounting
auth-proxy
default
start-stop
group
group-name
Example:
Router(config)# aaa accounting auth-proxy default start-stop group radius
|
Creates a method list to provide information about all authenticated-proxy user events.
|
Step 10 |
aaa
accounting
system
default
start-stop
group
group-name
Example:
Router(config)# aaa accounting system default start-stop group radius
|
Creates a method list to provide accounting for all system-level events not associated with users.
|
Step 11 |
aaa
session-id
common
Example:
Router(config)# aaa session-id common
|
Specifies that the same ID will be assigned for each AAA accounting service type within a call.
|
Step 12 |
radius-server
attribute
6
on-for-login-auth
Example:
Router(config)# radius-server attribute 6 on-for-login-auth
|
Sends the Service-Type attribute in the authentication packets.
|
Step 13 |
radius-server
attribute
8
include-in-access-req
Example:
Router(config)# radius-server attribute 8 include-in-access-req
|
Sends the IP address of a user to the RADIUS server in the access request.
|
Step 14 |
radius-server
attribute
25
access-request
include
Example:
Router(config)# radius-server attribute 25 access-request include
|
Sends an arbitrary value that the network access server includes in all accounting packets for the user if supplied by the RADIUS server.
|
Step 15 |
radius-server
configure-nas
Example:
Router(config)# radius-server configure-nas
|
Configures the Cisco router or access server to query the vendor-proprietary RADIUS server for the static routes and IP pool definitions used throughout its domain when the device starts up.
|
Step 16 |
radius-server
host
ip-address
auth-port
port-number
acct-port
port-number
key
string
Example:
Router(config)# radius-server host 192.168.104.131 auth-port 1645 acct-port 1646 key string1
|
Specifies a RADIUS server host.
|
Step 17 |
radius-server
host
ip-address
auth-port
port-number
acct-port
port-number
key
string
Example:
Router(config)# radius-server host 192.168.104.132 auth-port 1645 acct-port 1646 key string2
|
Specifies a RADIUS server host.
|
Step 18 |
radius-server
source-ports
extended
Example:
Router(config)# radius-server source-ports extended
|
Enables 200 ports in the range from 21645 to 21844 to be used as the source ports for sending out RADIUS requests.
|
Step 19 |
radius-server
vsa
send
authentication
Example:
Router(config)# radius-server vsa send authentication
|
Configures the network access server (NAS) to recognize and use vendor-specific attributes (VSAs).
|
Step 20 |
exit
Example:
|
Exits global configuration mode.
|