Cisco AAA Radius Server Configuration on GNS3



In this tutorial I briefly explain what AAA is, how to enable AAA on a Cisco router, and some basic AAA authentication configuration. Please note that this covers only the router-end configuration.
What is AAA?
AAA services are like a security package that adds strong access security to a device.
AAA stands for Authentication, Authorization and Accounting.

Authentication: 
Validates who you are. Instead of the enable secret, you now have a username and password to log in.
Authorization:
Tells you what you can do. Defines different users' privileges and access levels.
Accounting:
Used for monitoring and for keeping history. Tracks what you did on a device.

By using AAA you can control PPP links, the aux port, dial-up modems, VTY and VPN access: anything that requires a password.
AAA Protocols:
There are two well-known protocols used for AAA services:
- RADIUS
- TACACS
RADIUS is an open standard, whereas TACACS+ is Cisco proprietary. You can also use Microsoft Active Directory services as an AAA server.

For the AAA demonstration I created the following topology, in which R1 is enabled for AAA authentication. In the first step I created an AAA authentication group named “viki-group” (it appears as viki-login in the configuration below), in which I define the server-group priority and the RADIUS server address. The RADIUS server is not present here, but because of the priority order the router first looks for a RADIUS server and then authenticates the user from its local database. The second step is to enable AAA for the required service; in my case I enabled it for VTY access.

R1 config:

R1(config)#int s1/0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#aaa new-model
R1(config)#aaa authentication login viki-login group radius local   (Server priority)
R1(config)#radius-server host 192.168.1.1 key password               (Server Address)
R1(config)#username viki password cisco                              (Local user Database)

R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login authentication viki-login                      (enable AAA for Telnet access)
R1(config-line)#ex

Radious Configuration:

Radious(config)#int s1/0
Radious(config-if)#ip address 1.1.1.2 255.255.255.0
Radious(config-if)#no shutdown

For verification, telnet to 1.1.1.1; the router now authenticates you with a username and password.
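
How the "group radius local" method list in the R1 config decides which database answers a login, as an added Python model (not code from the original post and not Cisco's). The server states "accept", "reject" and "unreachable" are constructed stand-ins for the RADIUS server's reply. IOS moves to the next method only when the current one does not respond, which is why the absent server at 192.168.1.1 leaves the local user viki answering the Telnet login.

```python
# Added illustration: a model of IOS method-list evaluation, not router code.
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected
    ERROR = "error"  # method gave no answer (e.g. server unreachable)

def parse_method_list(line):
    """Return (list_name, methods) from an 'aaa authentication login' line."""
    words = line.split()
    if words[:3] != ["aaa", "authentication", "login"] or len(words) < 5:
        raise ValueError("not an 'aaa authentication login' line")
    name, rest, methods = words[3], words[4:], []
    while rest:
        if rest[0] == "group":
            if len(rest) < 2:
                raise ValueError("'group' needs a server-group name")
            methods.append("group " + rest[1])
            rest = rest[2:]
        else:
            methods.append(rest[0])
            rest = rest[1:]
    return name, methods

def radius_method(server_state):
    """server_state is a constructed stand-in for the RADIUS server's reply."""
    return {"accept": Result.PASS, "reject": Result.FAIL,
            "unreachable": Result.ERROR}[server_state]

def local_method(users, username, password):
    # Simplification: unknown user and wrong password both count as FAIL.
    return Result.PASS if users.get(username) == password else Result.FAIL

def login(methods, server_state, users, username, password):
    """Walk the list in order; only ERROR moves on to the next method."""
    for method in methods:
        if method == "group radius":
            result = radius_method(server_state)
        elif method == "local":
            result = local_method(users, username, password)
        else:
            raise ValueError("method not modelled: " + method)
        if result is not Result.ERROR:
            return method, result
    return None, Result.FAIL  # every method errored: access denied

NAME, METHODS = parse_method_list(
    "aaa authentication login viki-login group radius local")
LOCAL_USERS = {"viki": "cisco"}  # from 'username viki password cisco'
```

A reachable server that rejects the user ends the login at "group radius"; the local entry is never consulted in that case.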



9 comments:

  1. thanks for sharing ..

  2. Thanks for this valuable information!!!

  3. I HATE PROTOCOLS

  4. I have heard about AAA server... It gives more security... I like it more...

  5. Thanks for sharing, bro.
    Please give me more details to configure RADIUS on GNS3 & VMware.

  6. DEAR anonymous, I believe you have not used an AAA server, as the same is not getting authenticated through the AAA server.
    NOTE: you have created a local username in the ROUTER to get authenticated.


    CAN ANYONE HELP ME HOW TO ADD AN AAA SERVER IN GNS?
